Should you publish your infosec research in a journal or a conference?
There is an ongoing debate on whether journal papers or conference papers receive more citations in information security. Based on IEEEXplore, we evaluated thousands of papers’ average yearly citations (AYC) and found that journal papers significantly outperform conference papers. What’s more, they outperformed conference papers in all six sub-domains that we analyzed (cryptography, anonymity and privacy, network security, information hiding and steganography, digital forensics and incident response, and IoT/CPS security). We did not focus on top-tier events here but on AYC of all published works (around 5,000 publications per investigated sub-domain, resulting in approx. n=30,000).
Our paper provides lots of details on information security papers’ citations:
S. Wendzel, C. Levy-Benchton, L. Caviglione: Not all areas are equal. Analysis of citations in information security research, Scientometrics, Vol. 122, pages267-286, Springer, 2020.
[(The paper also analyses aspects which correlate with a higher number of citations, e.g. in terms of the number of authors, number of references, number of keywords used, and the length of the abstract.)]
According to our analysis, journal papers outperformed conference papers in all analyzed domains of information security (not just steganography/covert channel research!). An interesting observation was that workshop papers also outperformed conference papers in all sub-domains (steganography/information hiding, cryptography, network security, privacy/anonymity/pseudonymity, IoT/CPS security and malware research). One limitation of the work was that – again – only publications from IEEEXplore were considered (n=9,424), which our upcoming work will change.
However, when we look at the 2022 Google Scholar ranking on top-tier information security events/journals, we can see that best ranked are the following:
1) ACM CCS 2) IEEE T-IFS (journal) 3) USENIX Security Symposium
So, there would be a mix of journals and conferences, but dominated by some top conferences. While T-IFS is on rank 2, the second best journal (COAS) is on rank 6 (at least at the time of writing this posting).
In 2021, we statistically looked at information security-specific top-tier conferences and journals:
- Vrhovec S, Caviglione L, Wendzel S (2021): Crème de la Crème: Lessons from Papers in Top Publications. In: Proc. 16th International Conference on Availability, Reliability and Security (ARES 2021). ACM, DOI: 10.1145/3465481.3470027.
Among other results, the paper confirmed that top-tier conferences outperform top-tier journals in terms of attracted AYC per paper.
But it would be too easy to stop here. Because Google Scholar’s infosec-specific list excludes some top journals that are not limited to the information security domain, such as Elsevier FGCS, IEEE Trans. Industrial Electronics, and several other top journals with an often higher H5 index than the top security-related conferences.
These journals can be found in other categories of Google Scholar’s ranking and we are currently investigating whether security papers in such journals tend to outperform papers published in top security conferences, based on their number of citations. What is also interesting: in computer networking, journals clearly dominate the ranking. These results also match the results of our initial study published in Scientometrics (that I mentioned above).
I will update this post when our results are published.
- Jan-14-2022: added brief summary of results from a ARES IWSMR’21 paper on infosec citations
- Jan-29-2021: added some notes on the paper “Get me cited, Scotty” and modified the formatting.