There is an ongoing debate on whether journal papers or conference papers receive more citations in information security. Based on IEEEXplore, we evaluated thousands of papers’ average yearly citations (AYC) and found that journal papers significantly outperform conference papers. What’s more, they outperformed conference papers in all six sub-domains that we analyzed (cryptography, anonymity and privacy, network security, information hiding and steganography, digital forensics and incident response, and IoT/CPS security). We did not focus on top-tier events here but on AYC of all published works (around 5,000 publications per investigated sub-domain, resulting in approx. n=30,000).

Our paper provides lots of details on information security papers’ citations:

In an earlier paper entitled “Get me cited, Scotty!” from 2018, I compared citations based on the CORE rank of publications (but mostly for the steganography/covert channels domain). As expected, tier-A/A ranked publications outperform those with rank B, which both outperform lower ranks.* However, I did not split this analysis into journals and conferences – this is still (end of January 2021) ongoing work but will be available soon. However, journal papers outperformed conference papers in all analyzed domains of information security (not just steganography/covert channel research!). An interesting observation was that workshop papers also outperformed conference papers in all sub-domains (steganography/information hiding, cryptography, network security, privacy/anonymity/pseudonymity, IoT/CPS security and malware research). One limitation of the work was that – again – only publications from IEEEXplore were considered (n=9,424), which our upcoming work will change.

However, when we look at the Google Scholar ranking on top-tier information security events/journals, we can see that best ranked are the following:

1) ACM CCS 2) IEEE T-IFS (journal) 3) USENIX Security Symposium

So, there would be a mix of journals and conferences, but dominanted by some top confernces. While T-IFS is on rank 2, the second best journal (COAS) is on rank 7 (at least at the time of writing this posting).

But it would be too easy to stop here. Because Google Scholar’s list excludes some top journals that are not specific for the information security domain, such as Elsevier FGCS, IEEE Trans. Industrial Electronics, IEEE ACCESS and several other top journals with an often higher H5 index than the top security-related conferences. These journals can be found in other categories of Google Scholar’s ranking and we are currently investigating whether security papers in such journals tend to outperform papers published in top security conferences, based on their number of citations. What is also interesting: in computer networking, journals clearly dominate the ranking.

I will update this post when our results are published.

Last updates:

  • Jan-29-2021: added some notes on the paper “Get me cited, Scotty” and modified the formating.