Security Papers from the 2020s

This webpage is an attempt to assemble a ranking of top-cited security papers from the 2020s. The ranking has been created based on citations of papers published at top security conferences. More details are available here.

Top-cited papers from 2025 ⌄

  1. 1
    Kushal Babel, Andrey Chursin, George Danezis, Anastasios Kichidis, Lefteris Kokoris-Kogias, Arun Koshy, Alberto Sonnino, and Mingwei Tian:
    Mysticeti: Reaching the Latency Limits with Uncertified DAGs.
    Network and Distributed System Security Symposium (NDSS), 2025
    60 cites at Google Scholar
    2823% above average of year
    Visited: Jul-2025
    Paper: DOI
  2. 2
    Wen-jie Lu, Zhicong Huang, Zhen Gu, Jingyu Li, Jian Liu, Cheng Hong, Kui Ren, Tao Wei, and Wenguang Chen:
    BumbleBee: Secure Two-party Inference Framework for Large Transformers.
    Network and Distributed System Security Symposium (NDSS), 2025
    59 cites at Google Scholar
    2774% above average of year
    Visited: Jul-2025
    Paper: DOI
  3. 3
    Jiawen Zhang, Xinpeng Yang, Lipeng He, Kejia Chen, Wen-jie Lu, Yinghao Wang, Xiaoyang Hou, Jian Liu, Kui Ren, and Xiaohu Yang:
    Secure Transformer Inference Made Non-interactive.
    Network and Distributed System Security Symposium (NDSS), 2025
    33 cites at Google Scholar
    1507% above average of year
    Visited: Jul-2025
    Paper: DOI
  4. 4
    Ye Liu, Yue Xue, Daoyuan Wu, Yuqiang Sun, Yi Li, Miaolei Shi, and Yang Liu:
    PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation.
    Network and Distributed System Security Symposium (NDSS), 2025
    27 cites at Google Scholar
    1215% above average of year
    Visited: May-2025
    Paper: DOI
  5. 5
    Yan Pang, Tianhao Wang, Xuhui Kang, Mengdi Huai, and Yang Zhang:
    White-box Membership Inference Attacks against Diffusion Models.
    Proceedings on Privacy Enhancing Technologies (PoPETS), 2025
    26 cites at Google Scholar
    1166% above average of year
    Visited: May-2025
    Paper: DOI
  6. 6
    Shlomi Hod and Ran Canetti:
    Differentially Private Release of Israel's National Registry of Live Births.
    IEEE Symposium on Security and Privacy (S&P), 2025
    24 cites at Google Scholar
    1069% above average of year
    Visited: Jul-2025
    Paper: DOI
  7. 7
    Shuo Shao, Yiming Li, Hongwei Yao, Yiling He, Zhan Qin, and Kui Ren:
    Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution.
    Network and Distributed System Security Symposium (NDSS), 2025
    22 cites at Google Scholar
    972% above average of year
    Visited: May-2025
    Paper: DOI
  8. 8
    Yan Pang and Tianhao Wang:
    Black-box Membership Inference Attacks against Fine-tuned Diffusion Models.
    Network and Distributed System Security Symposium (NDSS), 2025
    19 cites at Google Scholar
    826% above average of year
    Visited: Jul-2025
    Paper: DOI
  9. 9
    Trisha Datta, Binyi Chen, and Dan Boneh:
    VerITAS: Verifying Image Transformations at Scale.
    IEEE Symposium on Security and Privacy (S&P), 2025
    19 cites at Google Scholar
    826% above average of year
    Visited: Jul-2025
    Paper: DOI
  10. 10
    Tian Dong, Minhui Xue, Guoxing Chen, Rayne Holland, Yan Meng, Shaofeng Li, Zhen Liu, and Haojin Zhu:
    The Philosopher's Stone: Trojaning Plugins of Large Language Models.
    Network and Distributed System Security Symposium (NDSS), 2025
    17 cites at Google Scholar
    728% above average of year
    Visited: Jun-2025
    Paper: DOI

Top-cited papers from 2024 ⌄

  1. 1
    Xinyue Shen, Zeyuan Chen, Michael Backes, Yun Shen, and Yang Zhang:
    "Do Anything Now": Characterizing and Evaluating In-The-Wild Jailbreak Prompts on Large Language Models.
    ACM Conference on Computer and Communications Security (CCS), 2024
    563 cites at Google Scholar
    7405% above average of year
    Visited: May-2025
    Paper: DOI
  2. 2
    Gelei Deng, Yi Liu, Yuekang Li, Kailong Wang, Ying Zhang, Zefeng Li, Haoyu Wang, Tianwei Zhang, and Yang Liu:
    MASTERKEY: Automated Jailbreaking of Large Language Model Chatbots.
    Network and Distributed System Security Symposium (NDSS), 2024
    397 cites at Google Scholar
    5192% above average of year
    Visited: Jun-2025
    Paper: DOI
  3. 3
    Nicholas Carlini, Matthew Jagielski, Christopher A. Choquette-Choo, Daniel Paleka, Will Pearce, Hyrum S. Anderson, Andreas Terzis, Kurt Thomas, and Florian Tramèr:
    Poisoning Web-Scale Training Datasets is Practical.
    IEEE Symposium on Security and Privacy (S&P), 2024
    270 cites at Google Scholar
    3499% above average of year
    Visited: Jul-2025
    Paper: DOI
  4. 4
    Ruijie Meng, Martin Mirchev, Marcel Böhme, and Abhik Roychoudhury:
    Large Language Model guided Protocol Fuzzing.
    Network and Distributed System Security Symposium (NDSS), 2024
    169 cites at Google Scholar
    2153% above average of year
    Visited: Jun-2025
    Paper: DOI
  5. 5
    Yupei Liu, Yuqi Jia, Runpeng Geng, Jinyuan Jia, and Neil Zhenqiang Gong:
    Formalizing and Benchmarking Prompt Injection Attacks and Defenses.
    USENIX Security Symposium, 2024
    158 cites at Google Scholar
    2006% above average of year
    Visited: Jul-2025
    Paper: DOI
  6. 6
    Andy Zhou, Xiaojun Xu, Ramesh Raghunathan, Alok Lal, Xinze Guan, Bin Yu, and Bo Li:
    KnowGraph: Knowledge-Enabled Anomaly Detection via Logical Reasoning on Graph Data.
    ACM Conference on Computer and Communications Security (CCS), 2024
    156 cites at Google Scholar
    1980% above average of year
    Visited: Jun-2025
    Paper: DOI
  7. 7
    Yuchen Yang, Bo Hui, Haolin Yuan, Neil Gong, and Yinzhi Cao:
    SneakyPrompt: Jailbreaking Text-to-image Generative Models.
    IEEE Symposium on Security and Privacy (S&P), 2024
    143 cites at Google Scholar
    1806% above average of year
    Visited: Jul-2025
    Paper: DOI
  8. 8
    Xinlei He, Xinyue Shen, Zeyuan Chen, Michael Backes, and Yang Zhang:
    MGTBench: Benchmarking Machine-Generated Text Detection.
    ACM Conference on Computer and Communications Security (CCS), 2024
    132 cites at Google Scholar
    1660% above average of year
    Visited: Jul-2025
    Paper: DOI
  9. 9
    Saad Ullah, Mingji Han, Saurabh Pujar, Hammond Pearce, Ayse K. Coskun, and Gianluca Stringhini:
    LLMs Cannot Reliably Identify and Reason About Security Vulnerabilities (Yet?): A Comprehensive Evaluation, Framework, and Benchmarks.
    IEEE Symposium on Security and Privacy (S&P), 2024
    124 cites at Google Scholar
    1553% above average of year
    Visited: Jul-2025
    Paper: DOI
  10. 10
    Shawn Shan, Wenxin Ding, Josephine Passananti, Stanley Wu, Haitao Zheng, and Ben Y. Zhao:
    Nightshade: Prompt-Specific Poisoning Attacks on Text-to-Image Generative Models.
    IEEE Symposium on Security and Privacy (S&P), 2024
    108 cites at Google Scholar
    1340% above average of year
    Visited: Jun-2025
    Paper: DOI

Top-cited papers from 2023 ⌄

  1. 1
    Nicholas Carlini, Jamie Hayes, Milad Nasr, Matthew Jagielski, Vikash Sehwag, Florian Tramèr, Borja Balle, Daphne Ippolito, and Eric Wallace:
    Extracting Training Data from Diffusion Models.
    USENIX Security Symposium, 2023
    780 cites at Google Scholar
    4171% above average of year
    Visited: Jun-2025
    Paper: DOI
  2. 2
    Hammond Pearce, Benjamin Tan, Baleegh Ahmad, Ramesh Karri, and Brendan Dolan-Gavitt:
    Examining Zero-Shot Vulnerability Repair with Large Language Models.
    IEEE Symposium on Security and Privacy (S&P), 2023
    347 cites at Google Scholar
    1800% above average of year
    Visited: Apr-2025
    Paper: DOI
  3. 3
    Nils Lukas, Ahmed Salem, Robert Sim, Shruti Tople, Lukas Wutschitz, and Santiago Zanella Béguelin:
    Analyzing Leakage of Personally Identifiable Information in Language Models.
    IEEE Symposium on Security and Privacy (S&P), 2023
    282 cites at Google Scholar
    1444% above average of year
    Visited: Jul-2025
    Paper: DOI
  4. 4
    Shawn Shan, Jenna Cryan, Emily Wenger, Haitao Zheng, Rana Hanocka, and Ben Y. Zhao:
    Glaze: Protecting Artists from Style Mimicry by Text-to-Image Models.
    USENIX Security Symposium, 2023
    250 cites at Google Scholar
    1269% above average of year
    Visited: Jun-2025
    Paper: DOI
  5. 5
    Linyi Li, Tao Xie, and Bo Li:
    SoK: Certified Robustness for Deep Neural Networks.
    IEEE Symposium on Security and Privacy (S&P), 2023
    243 cites at Google Scholar
    1231% above average of year
    Visited: Jun-2025
    Paper: DOI
  6. 6
    Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot:
    When the Curious Abandon Honesty: Federated Learning Is Not Private.
    IEEE European Symposium on Security and Privacy (EuroS&P), 2023
    240 cites at Google Scholar
    1214% above average of year
    Visited: Jun-2025
    Paper: DOI
  7. 7
    Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh:
    Do Users Write More Insecure Code with AI Assistants?
    ACM Conference on Computer and Communications Security (CCS), 2023
    238 cites at Google Scholar
    1203% above average of year
    Visited: Jun-2025
    Paper: DOI
  8. 8
    Alexander Warnecke, Lukas Pirch, Christian Wressnegger, and Konrad Rieck:
    Machine Unlearning of Features and Labels.
    Network and Distributed System Security Symposium (NDSS), 2023
    229 cites at Google Scholar
    1154% above average of year
    Visited: Jun-2025
    Paper: DOI
  9. 9
    Liyi Zhou, Xihan Xiong, Jens Ernstberger, Stefanos Chaliasos, Zhipeng Wang, Ye Wang, Kaihua Qin, Roger Wattenhofer, Dawn Song, and Arthur Gervais:
    SoK: Decentralized Finance (DeFi) Attacks.
    IEEE Symposium on Security and Privacy (S&P), 2023
    213 cites at Google Scholar
    1066% above average of year
    Visited: Jun-2025
    Paper: DOI
  10. 10
    Yi Zeng, Minzhou Pan, Hoang Anh Just, Lingjuan Lyu, Meikang Qiu, and Ruoxi Jia:
    Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information.
    ACM Conference on Computer and Communications Security (CCS), 2023
    203 cites at Google Scholar
    1012% above average of year
    Visited: Apr-2025
    Paper: DOI

Top-cited papers from 2022 ⌄

  1. 1
    Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, and Florian Tramèr:
    Membership Inference Attacks From First Principles.
    IEEE Symposium on Security and Privacy (S&P), 2022
    906 cites at Google Scholar
    2748% above average of year
    Visited: Jun-2025
    Paper: DOI
  2. 2
    Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck:
    Dos and Don'ts of Machine Learning in Computer Security.
    USENIX Security Symposium, 2022
    511 cites at Google Scholar
    1506% above average of year
    Visited: Jun-2025
    Paper: DOI
  3. 3
    Thien Duc Nguyen, Phillip Rieger, Huili Chen, Hossein Yalame, Helen Möllering, Hossein Fereidooni, Samuel Marchal, Markus Miettinen, Azalia Mirhoseini, Shaza Zeitouni, Farinaz Koushanfar, Ahmad-Reza Sadeghi, and Thomas Schneider:
    FLAME: Taming Backdoors in Federated Learning.
    USENIX Security Symposium, 2022
    390 cites at Google Scholar
    1126% above average of year
    Visited: May-2025
    Paper: DOI
  4. 4
    Ahmed Salem, Rui Wen, Michael Backes, Shiqing Ma, and Yang Zhang:
    Dynamic Backdoor Attacks Against Machine Learning Models.
    IEEE European Symposium on Security and Privacy (EuroS&P), 2022
    383 cites at Google Scholar
    1104% above average of year
    Visited: Jul-2025
    Paper: DOI
  5. 5
    Kaihua Qin, Liyi Zhou, and Arthur Gervais:
    Quantifying Blockchain Extractable Value: How dark is the forest?
    IEEE Symposium on Security and Privacy (S&P), 2022
    358 cites at Google Scholar
    1025% above average of year
    Visited: May-2025
    Paper: DOI
  6. 6
    Virat Shejwalkar, Amir Houmansadr, Peter Kairouz, and Daniel Ramage:
    Back to the Drawing Board: A Critical Evaluation of Poisoning Attacks on Production Federated Learning.
    IEEE Symposium on Security and Privacy (S&P), 2022
    348 cites at Google Scholar
    994% above average of year
    Visited: May-2025
    Paper: DOI
  7. 7
    Jiayuan Ye, Aadyaa Maddi, Sasi Kumar Murakonda, Vincent Bindschaedler, and Reza Shokri:
    Enhanced Membership Inference Attacks against Machine Learning Models.
    ACM Conference on Computer and Communications Security (CCS), 2022
    345 cites at Google Scholar
    984% above average of year
    Visited: Jul-2025
    Paper: DOI
  8. 8
    Mohammad Naseri, Jamie Hayes, and Emiliano De Cristofaro:
    Local and Central Differential Privacy for Robustness and Privacy in Federated Learning.
    Network and Distributed System Security Symposium (NDSS), 2022
    318 cites at Google Scholar
    900% above average of year
    Visited: Jul-2025
    Paper: DOI
  9. 9
    Zhicong Huang, Wen-jie Lu, Cheng Hong, and Jiansheng Ding:
    Cheetah: Lean and Fast Secure Two-Party Deep Neural Network Inference.
    USENIX Security Symposium, 2022
    291 cites at Google Scholar
    815% above average of year
    Visited: Jun-2025
    Paper: DOI
  10. 10
    Theresa Stadler, Bristena Oprisanu, and Carmela Troncoso:
    Synthetic Data - Anonymisation Groundhog Day.
    USENIX Security Symposium, 2022
    272 cites at Google Scholar
    755% above average of year
    Visited: May-2025
    Paper: DOI

Top-cited papers from 2021 ⌄

  1. 1
    Nicholas Carlini, Florian Tramèr, Eric Wallace, Matthew Jagielski, Ariel Herbert-Voss, Katherine Lee, Adam Roberts, Tom B. Brown, Dawn Song, Úlfar Erlingsson, Alina Oprea, and Colin Raffel:
    Extracting Training Data from Large Language Models.
    USENIX Security Symposium, 2021
    2538 cites at Google Scholar
    4774% above average of year
    Visited: Jul-2025
    Paper: DOI
  2. 2
    Lucas Bourtoule, Varun Chandrasekaran, Christopher A. Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, and Nicolas Papernot:
    Machine Unlearning.
    IEEE Symposium on Security and Privacy (S&P), 2021
    1187 cites at Google Scholar
    2179% above average of year
    Visited: Jul-2025
    Paper: DOI
  3. 3
    Xiaoyu Cao, Minghong Fang, Jia Liu, and Neil Zhenqiang Gong:
    FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping.
    Network and Distributed System Security Symposium (NDSS), 2021
    776 cites at Google Scholar
    1390% above average of year
    Visited: Apr-2025
    Paper: DOI
  4. 4
    Virat Shejwalkar and Amir Houmansadr:
    Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning.
    Network and Distributed System Security Symposium (NDSS), 2021
    582 cites at Google Scholar
    1018% above average of year
    Visited: Jun-2025
    Paper: DOI
  5. 5
    Liwei Song and Prateek Mittal:
    Systematic Evaluation of Privacy Risks of Machine Learning Models.
    USENIX Security Symposium, 2021
    493 cites at Google Scholar
    847% above average of year
    Visited: Jul-2025
    Paper: DOI
  6. 6
    Xiaoyi Chen, Ahmed Salem, Dingfan Chen, Michael Backes, Shiqing Ma, Qingni Shen, Zhonghai Wu, and Yang Zhang:
    BadNL: Backdoor Attacks against NLP Models with Semantic-preserving Improvements.
    Annual Computer Security Applications Conference (ACSAC), 2021
    454 cites at Google Scholar
    772% above average of year
    Visited: Jul-2025
    Paper: DOI
  7. 7
    Xiaojun Xu, Qi Wang, Huichen Li, Nikita Borisov, Carl A. Gunter, and Bo Li:
    Detecting AI Trojans Using Meta Neural Analysis.
    IEEE Symposium on Security and Privacy (S&P), 2021
    404 cites at Google Scholar
    676% above average of year
    Visited: Jul-2025
    Paper: DOI
  8. 8
    Eugene Bagdasaryan and Vitaly Shmatikov:
    Blind Backdoors in Deep Learning Models.
    USENIX Security Symposium, 2021
    397 cites at Google Scholar
    662% above average of year
    Visited: Jul-2025
    Paper: DOI
  9. 9
    Sameer Wagh, Shruti Tople, Fabrice Benhamouda, Eyal Kushilevitz, Prateek Mittal, and Tal Rabin:
    Falcon: Honest-Majority Maliciously Secure Framework for Private Deep Learning.
    Proceedings on Privacy Enhancing Technologies (PoPETS), 2021
    362 cites at Google Scholar
    595% above average of year
    Visited: Jul-2025
    Paper: DOI
  10. 10
    Hengrui Jia, Christopher A. Choquette-Choo, Varun Chandrasekaran, and Nicolas Papernot:
    Entangled Watermarks as a Defense against Model Extraction.
    USENIX Security Symposium, 2021
    317 cites at Google Scholar
    509% above average of year
    Visited: Jun-2025
    Paper: DOI

Top-cited papers from 2020 ⌄

  1. 1
    Minghong Fang, Xiaoyu Cao, Jinyuan Jia, and Neil Zhenqiang Gong:
    Local Model Poisoning Attacks to Byzantine-Robust Federated Learning.
    USENIX Security Symposium, 2020
    1537 cites at Google Scholar
    1978% above average of year
    Visited: Jun-2025
    Paper: DOI
  2. 2
    Vale Tolpegin, Stacey Truex, Mehmet Emre Gursoy, and Ling Liu:
    Data Poisoning Attacks Against Federated Learning Systems.
    European Symposium on Research in Computer Security (ESORICS), 2020
    1009 cites at Google Scholar
    1264% above average of year
    Visited: Jun-2025
    Paper: DOI
  3. 3
    Philip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, and Ari Juels:
    Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability.
    IEEE Symposium on Security and Privacy (S&P), 2020
    960 cites at Google Scholar
    1198% above average of year
    Visited: Jun-2025
    Paper: DOI
  4. 4
    Jianbo Chen, Michael I. Jordan, and Martin J. Wainwright:
    HopSkipJumpAttack: A Query-Efficient Decision-Based Attack.
    IEEE Symposium on Security and Privacy (S&P), 2020
    928 cites at Google Scholar
    1155% above average of year
    Visited: Jul-2025
    Paper: DOI
  5. 5
    Marcel Keller:
    MP-SPDZ: A Versatile Framework for Multi-Party Computation.
    ACM Conference on Computer and Communications Security (CCS), 2020
    660 cites at Google Scholar
    792% above average of year
    Visited: Jul-2025
    Paper: DOI
  6. 6
    Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, and Raluca Ada Popa:
    Delphi: A Cryptographic Inference Service for Neural Networks.
    USENIX Security Symposium, 2020
    579 cites at Google Scholar
    683% above average of year
    Visited: May-2025
    Paper: DOI
  7. 7
    James Henry Bell, Kallista A. Bonawitz, Adrià Gascón, Tancrède Lepoint, and Mariana Raykova:
    Secure Single-Server Aggregation with (Poly)Logarithmic Overhead.
    ACM Conference on Computer and Communications Security (CCS), 2020
    540 cites at Google Scholar
    630% above average of year
    Visited: May-2025
    Paper: DOI
  8. 8
    Clement Fung, Chris J. M. Yoon, and Ivan Beschastnikh:
    The Limitations of Federated Learning in Sybil Settings.
    International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2020
    502 cites at Google Scholar
    579% above average of year
    Visited: Jun-2025
    Paper: DOI
  9. 9
    Kit Murdock, David F. Oswald, Flavio D. Garcia, Jo Van Bulck, Daniel Gruss, and Frank Piessens:
    Plundervolt: Software-based Fault Injection Attacks against Intel SGX.
    IEEE Symposium on Security and Privacy (S&P), 2020
    496 cites at Google Scholar
    571% above average of year
    Visited: Jul-2025
    Paper: DOI
  10. 10
    Matthew Jagielski, Nicholas Carlini, David Berthelot, Alex Kurakin, and Nicolas Papernot:
    High Accuracy and High Fidelity Extraction of Neural Networks.
    USENIX Security Symposium, 2020
    486 cites at Google Scholar
    557% above average of year
    Visited: Jun-2025
    Paper: DOI