Quick View on Security Papers

For the last six years, the number of accepted papers has gradually increased in several top conferences including IEEE Security & Privacy, USENIX, NDSS, CCS, and ACSAS.  I have tried to fall the accepted papers into approximately 20 categories (fields). But obviously sometimes papers might cover more than a single field. Hence this is not an absolute classification. Note that “Miscellaneous” means either “Unclassified” or “Not yet classified”.  The top four area was: system-based, authentication/authorization, web-based, and anonymity and privacy.

Fields Related area Papers Ratio
Anonymity/Privacy PET, tor, I2P, anonymous, anonymity, privacy, … 106 7.56%
Authentication/Authorization password, trust management, SSO, access control … 112 7.98%
Cloud/Distributed Large-scale, cloud, distributed, computing, … 18 1.28%
Cryptography Symmetric, Asymmetric, ZK, PRNG, PKI, Encryption, Decryption, cipher, key, proof, … 63 4.49%
E-cash/Underground bitcoin, underground economy, … 17 1.21%
File/Storage Binary, File System, USB, data, … 43 3.06%
Forensics forensic, artifact, … 11 0.78%
Hardware/Embeded hardware, embeded, … 20 1.43%
Malware/Crimeware botnets, malware, … 69 4.92%
Memory corruption buffer overflow (stack/heap), ROP, gadget, … 21 1.50%
Miscellaneous Program Analysis, Energy, malicious, security, secure 287 20.46%
Mobile Android, iOS, smartphone, … 85 6.06%
Network-based routing, domain, Packet, Cellular, SDN, scanning, P2P, VoIP,OSPF,  RFID, wireless… 96 6.84%
Protocols  BGP, DNS, TCP/IP, … 39 2.78%
Side channel timing, storage side channel, … 19 1.35%
Social Engineering Insider Threat, social, SNS, spam, twitter, … 15 1.07%
SSL/TLS Certificate, SSL, TLS, … 20 1.43%
System-based system, implementation, OS, linux, UNIX, Kernel, Reference monitor, sandbox, binary, shell, libc, ASLR, randomization, address, code, software, program, … 153 10.91%
Virtualization/VM virtual, 22 1.57%
Web-based Injection, XSS, CSRF, banner, link, drive by download, javascript, browser, DDoS, … 108 7.70%
General attacks vulnerability, Obfuscation, hack, poison, exploit, … 79 5.63%

The following table and graph shows that the number of accepted papers has considerably increased. However, this does not necessarily mean that the acceptance rate becomes high. It indicates both the quality and quantity of papers have quite been boosted. In CCS, more than 100 papers have been accepted since 2013.



The following table/graph pair illustrates that:

  • a study on mobile/web security has increased
  • researchers are interested in anonymity/privacy, authentication/authorization techniques.
  • SSL/TLS is actively being demystified for the last couple of years.
  • E-cash and underground economy started to capture researcher’s mind after its emergence.
  • Traditional topics, including cryptography, malware, network/system based attack, and memory corruption are still hot potatoes.

paper3 paper4

The list of all papers can be found here: