For the last six years, the number of accepted papers has gradually increased at several top conferences, including IEEE Security & Privacy, USENIX, NDSS, CCS, and ACSAC. I have tried to sort the accepted papers into approximately 20 categories (fields). Obviously, a paper sometimes covers more than a single field, so this is not an absolute classification. Note that “Miscellaneous” means either “Unclassified” or “Not yet classified”. The top four areas were: system-based, authentication/authorization, web-based, and anonymity and privacy.
| Fields | Related area | Papers | Ratio |
| --- | --- | --- | --- |
| Anonymity/Privacy | PET, tor, I2P, anonymous, anonymity, privacy, … | 106 | 7.56% |
| Authentication/Authorization | password, trust management, SSO, access control, … | 112 | 7.98% |
| Cloud/Distributed | Large-scale, cloud, distributed, computing, … | 18 | 1.28% |
| Cryptography | Symmetric, Asymmetric, ZK, PRNG, PKI, Encryption, Decryption, cipher, key, proof, … | 63 | 4.49% |
| E-cash/Underground | bitcoin, underground economy, … | 17 | 1.21% |
| File/Storage | Binary, File System, USB, data, … | 43 | 3.06% |
| Forensics | forensic, artifact, … | 11 | 0.78% |
| Hardware/Embedded | hardware, embedded, … | 20 | 1.43% |
| Malware/Crimeware | botnets, malware, … | 69 | 4.92% |
| Memory corruption | buffer overflow (stack/heap), ROP, gadget, … | 21 | 1.50% |
| Miscellaneous | Program Analysis, Energy, malicious, security, secure | 287 | 20.46% |
| Mobile | Android, iOS, smartphone, … | 85 | 6.06% |
| Network-based | routing, domain, Packet, Cellular, SDN, scanning, P2P, VoIP, OSPF, RFID, wireless, … | 96 | 6.84% |
| Protocols | BGP, DNS, TCP/IP, … | 39 | 2.78% |
| Side channel | timing, storage side channel, … | 19 | 1.35% |
| Social Engineering | Insider Threat, social, SNS, spam, twitter, … | 15 | 1.07% |
| SSL/TLS | Certificate, SSL, TLS, … | 20 | 1.43% |
| System-based | system, implementation, OS, linux, UNIX, Kernel, Reference monitor, sandbox, binary, shell, libc, ASLR, randomization, address, code, software, program, … | 153 | 10.91% |
| Virtualization/VM | virtual, | 22 | 1.57% |
| Web-based | Injection, XSS, CSRF, banner, link, drive by download, javascript, browser, DDoS, … | 108 | 7.70% |
| General attacks | vulnerability, Obfuscation, hack, poison, exploit, … | 79 | 5.63% |
The following table and graph show that the number of accepted papers has increased considerably. However, this does not necessarily mean that the acceptance rate has become high. It indicates that both the quality and the quantity of papers have been boosted. In CCS, more than 100 papers have been accepted since 2013.
The following table/graph pair illustrates that:
- Research on mobile/web security has increased.
- Researchers are interested in anonymity/privacy and authentication/authorization techniques.
- SSL/TLS has been actively demystified over the last couple of years.
- E-cash and the underground economy started to capture researchers’ minds after their emergence.
- Traditional topics, including cryptography, malware, network/system-based attacks, and memory corruption, are still hot potatoes.
The list of all papers can be found here:
https://docs.google.com/spreadsheets/d/1jTS46mZWLiOg35_im6uALUImdlOTw6bqFPDsxeTvgd0/edit