This webpage is an attempt to assemble a ranking of top-cited security papers from the 2020s. The ranking has been created based on citations of papers published at top security conferences. More details are available here.
Top-cited papers from 2025 ⌄
1
Wen-jie Lu, Zhicong Huang, Zhen Gu, Jingyu Li, Jian Liu, Cheng Hong, Kui Ren, Tao Wei, and Wenguang Chen: BumbleBee: Secure Two-party Inference Framework for Large Transformers. Network and Distributed System Security Symposium (NDSS), 2025
Ye Liu, Yue Xue, Daoyuan Wu, Yuqiang Sun, Yi Li, Miaolei Shi, and Yang Liu: PropertyGPT: LLM-driven Formal Verification of Smart Contracts through Retrieval-Augmented Property Generation. Network and Distributed System Security Symposium (NDSS), 2025
Yan Pang, Tianhao Wang, Xuhui Kang, Mengdi Huai, and Yang Zhang: White-box Membership Inference Attacks against Diffusion Models. Proceedings on Privacy Enhancing Technologies (PoPETS), 2025
Shuo Shao, Yiming Li, Hongwei Yao, Yiling He, Zhan Qin, and Kui Ren: Explanation as a Watermark: Towards Harmless and Multi-bit Model Ownership Verification via Watermarking Feature Attribution. Network and Distributed System Security Symposium (NDSS), 2025
Tian Dong, Minhui Xue, Guoxing Chen, Rayne Holland, Yan Meng, Shaofeng Li, Zhen Liu, and Haojin Zhu: The Philosopher's Stone: Trojaning Plugins of Large Language Models. Network and Distributed System Security Symposium (NDSS), 2025
Yan Pang and Tianhao Wang: Black-box Membership Inference Attacks against Fine-tuned Diffusion Models. Network and Distributed System Security Symposium (NDSS), 2025
Cong Zuo, Shangqi Lai, Shi-Feng Sun, Xingliang Yuan, Joseph K. Liu, Jun Shao, Huaxiong Wang, Liehuang Zhu, and Shujie Cui: Searchable Encryption for Conjunctive Queries with Extended Forward and Backward Privacy. Proceedings on Privacy Enhancing Technologies (PoPETS), 2025
Jayshree Sarathy and Salil P. Vadhan: Analyzing the Differentially Private Theil-Sen Estimator for Simple Linear Regression. Proceedings on Privacy Enhancing Technologies (PoPETS), 2025
Jan Lauinger, Jens Ernstberger, Andreas Finkenzeller, and Sebastian Steinhorst: Janus: Fast Privacy-Preserving Data Provenance For TLS. Proceedings on Privacy Enhancing Technologies (PoPETS), 2025
Xinyue Shen, Zeyuan Chen, Michael Backes, Yun Shen, and Yang Zhang: "Do Anything Now": Characterizing and Evaluating In-The-Wild Jailbreak Prompts on Large Language Models. ACM Conference on Computer and Communications Security (CCS), 2024
Nicholas Carlini, Matthew Jagielski, Christopher A. Choquette-Choo, Daniel Paleka, Will Pearce, Hyrum S. Anderson, Andreas Terzis, Kurt Thomas, and Florian Tramèr: Poisoning Web-Scale Training Datasets is Practical. IEEE Symposium on Security and Privacy (S&P), 2024
Gelei Deng, Yi Liu, Yuekang Li, Kailong Wang, Ying Zhang, Zefeng Li, Haoyu Wang, Tianwei Zhang, and Yang Liu: MASTERKEY: Automated Jailbreaking of Large Language Model Chatbots. Network and Distributed System Security Symposium (NDSS), 2024
Xinlei He, Xinyue Shen, Zeyuan Chen, Michael Backes, and Yang Zhang: MGTBench: Benchmarking Machine-Generated Text Detection. ACM Conference on Computer and Communications Security (CCS), 2024
Ruijie Meng, Martin Mirchev, Marcel Böhme, and Abhik Roychoudhury: Large Language Model guided Protocol Fuzzing. Network and Distributed System Security Symposium (NDSS), 2024
Zhiyuan Yu, Xiaogeng Liu, Shunning Liang, Zach Cameron, Chaowei Xiao, and Ning Zhang: Don't Listen To Me: Understanding and Exploring Jailbreak Prompts of Large Language Models. USENIX Security Symposium, 2024
Shawn Shan, Wenxin Ding, Josephine Passananti, Stanley Wu, Haitao Zheng, and Ben Y. Zhao: Nightshade: Prompt-Specific Poisoning Attacks on Text-to-Image Generative Models. IEEE Symposium on Security and Privacy (S&P), 2024
Yuchen Yang, Bo Hui, Haolin Yuan, Neil Gong, and Yinzhi Cao: SneakyPrompt: Jailbreaking Text-to-image Generative Models. IEEE Symposium on Security and Privacy (S&P), 2024
Nicholas Carlini, Jamie Hayes, Milad Nasr, Matthew Jagielski, Vikash Sehwag, Florian Tramèr, Borja Balle, Daphne Ippolito, and Eric Wallace: Extracting Training Data from Diffusion Models. USENIX Security Symposium, 2023
Hammond Pearce, Benjamin Tan, Baleegh Ahmad, Ramesh Karri, and Brendan Dolan-Gavitt: Examining Zero-Shot Vulnerability Repair with Large Language Models. IEEE Symposium on Security and Privacy (S&P), 2023
Nils Lukas, Ahmed Salem, Robert Sim, Shruti Tople, Lukas Wutschitz, and Santiago Zanella Béguelin: Analyzing Leakage of Personally Identifiable Information in Language Models. IEEE Symposium on Security and Privacy (S&P), 2023
Neil Perry, Megha Srivastava, Deepak Kumar, and Dan Boneh: Do Users Write More Insecure Code with AI Assistants? ACM Conference on Computer and Communications Security (CCS), 2023
Franziska Boenisch, Adam Dziedzic, Roei Schuster, Ali Shahin Shamsabadi, Ilia Shumailov, and Nicolas Papernot: When the Curious Abandon Honesty: Federated Learning Is Not Private. IEEE European Symposium on Security and Privacy (EuroS&P), 2023
Yi Zeng, Minzhou Pan, Hoang Anh Just, Lingjuan Lyu, Meikang Qiu, and Ruoxi Jia: Narcissus: A Practical Clean-Label Backdoor Attack with Limited Information. ACM Conference on Computer and Communications Security (CCS), 2023
Maurice Weber, Xiaojun Xu, Bojan Karlas, Ce Zhang, and Bo Li: RAB: Provable Robustness Against Backdoor Attacks. IEEE Symposium on Security and Privacy (S&P), 2023
Alexander Warnecke, Lukas Pirch, Christian Wressnegger, and Konrad Rieck: Machine Unlearning of Features and Labels. Network and Distributed System Security Symposium (NDSS), 2023
Nicholas Carlini, Steve Chien, Milad Nasr, Shuang Song, Andreas Terzis, and Florian Tramèr: Membership Inference Attacks From First Principles. IEEE Symposium on Security and Privacy (S&P), 2022
Daniel Arp, Erwin Quiring, Feargus Pendlebury, Alexander Warnecke, Fabio Pierazzi, Christian Wressnegger, Lorenzo Cavallaro, and Konrad Rieck: Dos and Don'ts of Machine Learning in Computer Security. USENIX Security Symposium, 2022
Kaihua Qin, Liyi Zhou, and Arthur Gervais: Quantifying Blockchain Extractable Value: How dark is the forest? IEEE Symposium on Security and Privacy (S&P), 2022
Virat Shejwalkar, Amir Houmansadr, Peter Kairouz, and Daniel Ramage: Back to the Drawing Board: A Critical Evaluation of Poisoning Attacks on Production Federated Learning. IEEE Symposium on Security and Privacy (S&P), 2022
Ahmed Salem, Rui Wen, Michael Backes, Shiqing Ma, and Yang Zhang: Dynamic Backdoor Attacks Against Machine Learning Models. IEEE European Symposium on Security and Privacy (EuroS&P), 2022
Jiayuan Ye, Aadyaa Maddi, Sasi Kumar Murakonda, Vincent Bindschaedler, and Reza Shokri: Enhanced Membership Inference Attacks against Machine Learning Models. ACM Conference on Computer and Communications Security (CCS), 2022
Nicholas Carlini, Florian Tramèr, Eric Wallace, Matthew Jagielski, Ariel Herbert-Voss, Katherine Lee, Adam Roberts, Tom B. Brown, Dawn Song, Úlfar Erlingsson, Alina Oprea, and Colin Raffel: Extracting Training Data from Large Language Models. USENIX Security Symposium, 2021
Lucas Bourtoule, Varun Chandrasekaran, Christopher A. Choquette-Choo, Hengrui Jia, Adelin Travers, Baiwu Zhang, David Lie, and Nicolas Papernot: Machine Unlearning. IEEE Symposium on Security and Privacy (S&P), 2021
Xiaoyu Cao, Minghong Fang, Jia Liu, and Neil Zhenqiang Gong: FLTrust: Byzantine-robust Federated Learning via Trust Bootstrapping. Network and Distributed System Security Symposium (NDSS), 2021
Virat Shejwalkar and Amir Houmansadr: Manipulating the Byzantine: Optimizing Model Poisoning Attacks and Defenses for Federated Learning. Network and Distributed System Security Symposium (NDSS), 2021
Xiaojun Xu, Qi Wang, Huichen Li, Nikita Borisov, Carl A. Gunter, and Bo Li: Detecting AI Trojans Using Meta Neural Analysis. IEEE Symposium on Security and Privacy (S&P), 2021
Ellis Fenske, Dane Brown, Jeremy Martin, Travis Mayberry, Peter Ryan, and Erik C. Rye: Three Years Later: A Study of MAC Address Randomization In Mobile Devices And When It Succeeds. Proceedings on Privacy Enhancing Technologies (PoPETS), 2021
Minghong Fang, Xiaoyu Cao, Jinyuan Jia, and Neil Zhenqiang Gong: Local Model Poisoning Attacks to Byzantine-Robust Federated Learning. USENIX Security Symposium, 2020
Vale Tolpegin, Stacey Truex, Mehmet Emre Gursoy, and Ling Liu: Data Poisoning Attacks Against Federated Learning Systems. European Symposium on Research in Computer Security (ESORICS), 2020
Jianbo Chen, Michael I. Jordan, and Martin J. Wainwright: HopSkipJumpAttack: A Query-Efficient Decision-Based Attack. IEEE Symposium on Security and Privacy (S&P), 2020
Philip Daian, Steven Goldfeder, Tyler Kell, Yunqi Li, Xueyuan Zhao, Iddo Bentov, Lorenz Breidenbach, and Ari Juels: Flash Boys 2.0: Frontrunning in Decentralized Exchanges, Miner Extractable Value, and Consensus Instability. IEEE Symposium on Security and Privacy (S&P), 2020
Pratyush Mishra, Ryan Lehmkuhl, Akshayaram Srinivasan, Wenting Zheng, and Raluca Ada Popa: Delphi: A Cryptographic Inference Service for Neural Networks. USENIX Security Symposium, 2020
James Henry Bell, Kallista A. Bonawitz, Adrià Gascón, Tancrède Lepoint, and Mariana Raykova: Secure Single-Server Aggregation with (Poly)Logarithmic Overhead. ACM Conference on Computer and Communications Security (CCS), 2020
Dingfan Chen, Ning Yu, Yang Zhang, and Mario Fritz: GAN-Leaks: A Taxonomy of Membership Inference Attacks against Generative Models. ACM Conference on Computer and Communications Security (CCS), 2020
Clement Fung, Chris J. M. Yoon, and Ivan Beschastnikh: The Limitations of Federated Learning in Sybil Settings. International Symposium on Research in Attacks, Intrusions and Defenses (RAID), 2020
Matthew Jagielski, Nicholas Carlini, David Berthelot, Alex Kurakin, and Nicolas Papernot: High Accuracy and High Fidelity Extraction of Neural Networks. USENIX Security Symposium, 2020