This webpage is an attempt to assemble a ranking of top-cited security papers from the 2020s. The ranking has been created based on citations of papers published at top security conferences. More details are available here.
Top-cited papers from 2025 ⌄
1
Kushal Babel, Andrey Chursin, George Danezis, Anastasios Kichidis, Lefteris Kokoris-Kogias, Arun Koshy, Alberto Sonnino, and Mingwei Tian: Mysticeti: Reaching the Latency Limits with Uncertified DAGs. Network and Distributed System Security Symposium (NDSS), 2025
Wen-jie Lu, Zhicong Huang, Zhen Gu, Jingyu Li, Jian Liu, Cheng Hong, Kui Ren, Tao Wei, and Wenguang Chen: BumbleBee: Secure Two-party Inference Framework for Large Transformers. Network and Distributed System Security Symposium (NDSS), 2025
Nibesh Shrestha, Rohan Shrothrium, Aniket Kate, and Kartik Nayak: Sailfish: Towards Improving the Latency of DAG-Based BFT. IEEE Symposium on Security and Privacy (S&P), 2025
Ye Liu, Yue Xue, Daoyuan Wu, Yuqiang Sun, Yi Li, Miaolei Shi, and Yang Liu: PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation. Network and Distributed System Security Symposium (NDSS), 2025
Yan Pang, Tianhao Wang, Xuhui Kang, Mengdi Huai, and Yang Zhang: White-box Membership Inference Attacks against Diffusion Models. Proceedings on Privacy Enhancing Technologies (PoPETS), 2025
Shlomi Hod and Ran Canetti: Differentially Private Release of Israel's National Registry of Live Births. IEEE Symposium on Security and Privacy (S&P), 2025
Shuo Shao, Yiming Li, Hongwei Yao, Yiling He, Zhan Qin, and Kui Ren: Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution. Network and Distributed System Security Symposium (NDSS), 2025
Yan Pang and Tianhao Wang: Black-box Membership Inference Attacks against Fine-tuned Diffusion Models. Network and Distributed System Security Symposium (NDSS), 2025
Xinyue Shen, Zeyuan Chen, Michael Backes, Yun Shen, and Yang Zhang: "Do Anything Now": Characterizing and Evaluating In-The-Wild Jailbreak Prompts on Large Language Models. ACM Conference on Computer and Communications Security (CCS), 2024
Gelei Deng, Yi Liu, Yuekang Li, Kailong Wang, Ying Zhang, Zefeng Li, Haoyu Wang, Tianwei Zhang, and Yang Liu: MASTERKEY: Automated Jailbreaking of Large Language Model Chatbots. Network and Distributed System Security Symposium (NDSS), 2024
Nicholas Carlini, Matthew Jagielski, Christopher A. Choquette-Choo, Daniel Paleka, Will Pearce, Hyrum S. Anderson, Andreas Terzis, Kurt Thomas, and Florian Tramèr: Poisoning Web-Scale Training Datasets is Practical. IEEE Symposium on Security and Privacy (S&P), 2024
Ruijie Meng, Martin Mirchev, Marcel Böhme, and Abhik Roychoudhury: Large Language Model guided Protocol Fuzzing. Network and Distributed System Security Symposium (NDSS), 2024
Andy Zhou, Xiaojun Xu, Ramesh Raghunathan, Alok Lal, Xinze Guan, Bin Yu, and Bo Li: KnowGraph: Knowledge-Enabled Anomaly Detection via Logical Reasoning on Graph Data. ACM Conference on Computer and Communications Security (CCS), 2024
Yuchen Yang, Bo Hui, Haolin Yuan, Neil Gong, and Yinzhi Cao: SneakyPrompt: Jailbreaking Text-to-image Generative Models. IEEE Symposium on Security and Privacy (S&P), 2024
Xinlei He, Xinyue Shen, Zeyuan Chen, Michael Backes, and Yang Zhang: MGTBench: Benchmarking Machine-Generated Text Detection. ACM Conference on Computer and Communications Security (CCS), 2024
Saad Ullah, Mingji Han, Saurabh Pujar, Hammond Pearce, Ayse K. Coskun, and Gianluca Stringhini: LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks. IEEE Symposium on Security and Privacy (S&P), 2024
Shawn Shan, Wenxin Ding, Josephine Passananti, Stanley Wu, Haitao Zheng, and Ben Y. Zhao: Nightshade: Prompt-Specific Poisoning Attacks on Text-to-Image Generative Models. IEEE Symposium on Security and Privacy (S&P), 2024
Nicholas Carlini, Jamie Hayes, Milad Nasr, Matthew Jagielski, Vikash Sehwag, Florian Tramèr, Borja Balle, Daphne Ippolito, and Eric Wallace: Extracting Training Data from Diffusion Models. USENIX Security Symposium, 2023
Hammond Pearce, Benjamin Tan, Baleegh Ahmad, Ramesh Karri, and Brendan Dolan-Gavitt: Examining Zero-Shot Vulnerability Repair with Large Language Models. IEEE Symposium on Security and Privacy (S&P), 2023
Nils Lukas, Ahmed Salem, Robert Sim, Shruti Tople, Lukas Wutschitz, and Santiago Zanella Béguelin: Analyzing Leakage of Personally Identifiable Information in Language Models. IEEE Symposium on Security and Privacy (S&P), 2023
Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot: When the Curious Abandon Honesty: Federated Learning Is Not Private. IEEE European Symposium on Security and Privacy (EuroS&P), 2023
Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh: Do Users Write More Insecure Code with AI Assistants? ACM Conference on Computer and Communications Security (CCS), 2023
Yi Zeng, Minzhou Pan, Hoang Anh Just, Lingjuan Lyu, Meikang Qiu, and Ruoxi Jia: Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information. ACM Conference on Computer and Communications Security (CCS), 2023
Alexander Warnecke, Lukas Pirch, Christian Wressnegger, and Konrad Rieck: Machine Unlearning of Features and Labels. Network and Distributed System Security Symposium (NDSS), 2023
Liyi Zhou, Xihan Xiong, Jens Ernstberger, Stefanos Chaliasos, Zhipeng Wang, Ye Wang, Kaihua Qin, Roger Wattenhofer, Dawn Song, and Arthur Gervais: SoK: Decentralized Finance (DeFi) Attacks. IEEE Symposium on Security and Privacy (S&P), 2023
Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, and Florian Tramèr: Membership Inference Attacks From First Principles. IEEE Symposium on Security and Privacy (S&P), 2022
Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck: Dos and Don'ts of Machine Learning in Computer Security. USENIX Security Symposium, 2022
Ahmed Salem, Rui Wen, Michael Backes, Shiqing Ma, and Yang Zhang: Dynamic Backdoor Attacks Against Machine Learning Models. IEEE European Symposium on Security and Privacy (EuroS&P), 2022
Kaihua Qin, Liyi Zhou, and Arthur Gervais: Quantifying Blockchain Extractable Value: How dark is the forest? IEEE Symposium on Security and Privacy (S&P), 2022
Jiayuan Ye, Aadyaa Maddi, Sasi Kumar Murakonda, Vincent Bindschaedler, and Reza Shokri: Enhanced Membership Inference Attacks against Machine Learning Models. ACM Conference on Computer and Communications Security (CCS), 2022
Virat Shejwalkar, Amir Houmansadr, Peter Kairouz, and Daniel Ramage: Back to the Drawing Board: A Critical Evaluation of Poisoning Attacks on Production Federated Learning. IEEE Symposium on Security and Privacy (S&P), 2022
Mohammad Naseri, Jamie Hayes, and Emiliano De Cristofaro: Local and Central Differential Privacy for Robustness and Privacy in Federated Learning. Network and Distributed System Security Symposium (NDSS), 2022
Lucas Bourtoule, Varun Chandrasekaran, Christopher A. Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, and Nicolas Papernot: Machine Unlearning. IEEE Symposium on Security and Privacy (S&P), 2021
Xiaoyu Cao, Minghong Fang, Jia Liu, and Neil Zhenqiang Gong: FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping. Network and Distributed System Security Symposium (NDSS), 2021
Virat Shejwalkar and Amir Houmansadr: Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning. Network and Distributed System Security Symposium (NDSS), 2021
Xiaojun Xu, Qi Wang, Huichen Li, Nikita Borisov, Carl A. Gunter, and Bo Li: Detecting AI Trojans Using Meta Neural Analysis. IEEE Symposium on Security and Privacy (S&P), 2021
Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, and Nicolas Papernot: Entangled Watermarks as a Defense against Model Extraction. USENIX Security Symposium, 2021
Minghong Fang, Xiaoyu Cao, Jinyuan Jia, and Neil Zhenqiang Gong: Local Model Poisoning Attacks to Byzantine-Robust Federated Learning. USENIX Security Symposium, 2020
Vale Tolpegin, Stacey Truex, Mehmet Emre Gursoy, and Ling Liu: Data Poisoning Attacks Against Federated Learning Systems. European Symposium on Research in Computer Security (ESORICS), 2020
Philip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, and Ari Juels: Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability. IEEE Symposium on Security and Privacy (S&P), 2020
Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, and Raluca Ada Popa: Delphi: A Cryptographic Inference Service for Neural Networks. USENIX Security Symposium, 2020
James Henry Bell, Kallista A. Bonawitz, Adrià Gascón, Tancrède Lepoint, and Mariana Raykova: Secure Single-Server Aggregation with (Poly)Logarithmic Overhead. ACM Conference on Computer and Communications Security (CCS), 2020
Clement Fung, Chris J. M. Yoon, and Ivan Beschastnikh: The Limitations of Federated Learning in Sybil Settings. International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2020
Kit Murdock, David F. Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens: Plundervolt: Software-based Fault Injection Attacks against Intel SGX. IEEE Symposium on Security and Privacy (S&P), 2020
Matthew Jagielski, Nicholas Carlini, David Berthelot, Alex Kurakin, and Nicolas Papernot: High Accuracy and High Fidelity Extraction of Neural Networks. USENIX Security Symposium, 2020
Dingfan Chen, Ning Yu, Yang Zhang, and Mario Fritz: GAN-Leaks: A Taxonomy of Membership Inference Attacks against Generative Models. ACM Conference on Computer and Communications Security (CCS), 2020