16th ACM Workshop on
Artificial Intelligence and Security
November 30, 2023 — Copenhagen
co-located with the 30th ACM Conference on Computer and Communications Security
Photo: Pixabay

Call for Papers

Important Dates

  • Paper submission deadline: June 24 July 14th, 2023, 11:59 PM (all deadlines are AoE, UTC-12)
  • Reviews due: July 25 August 8th, 2023
  • Review Released and Acceptance notification: August 5th August 13th, 2023
  • Camera ready due: September 5, 2023
  • Workshop: November 30, 2023


Recent years have seen a dramatic increase in applications of artificial intelligence, machine learning, and data mining to security and privacy problems. The use of AI and ML in security-sensitive domains, in which adversaries may attempt to mislead or evade intelligent machines, creates new frontiers for security research. The recent widespread adoption of deep learning techniques, whose security properties are difficult to reason about directly, has only added to the importance of this research. The AISec workshop, now in its 15th year, is the leading venue for presenting and discussing new developments in the intersection of security and privacy with AI and machine learning.

Topics of Interest

Topics of interest include (but are not limited to):

Theoretical topics related to security

  • Adversarial learning
  • Security of deep learning systems
  • Robust statistics
  • Learning in games
  • Economics of security
  • Differential privacy

Security applications

  • Computer forensics
  • Spam detection
  • Phishing detection and prevention
  • Botnet detection
  • Intrusion detection and response
  • Malware identification and analysis
  • Data anonymization/de-anonymization
  • Security in social networks
  • Big data analytics for security
  • User authentication

Security-related AI problems

  • Distributed inference and decision making for security
  • Secure multiparty computation and cryptographic approaches
  • Privacy-preserving data mining
  • Adaptive side-channel attacks
  • Design and analysis of CAPTCHAs
  • AI approaches to trust and reputation
  • Vulnerability testing through intelligent probing (e.g. fuzzing)
  • Content-driven security policy management & access control
  • Techniques and methods for generating training and test sets
  • Anomalous behavior detection (e.g. for the purpose of fraud detection)
  • Model confidentiality

Submission Guidelines

We invite the following types of papers:

  • Original research papers on any topic in the intersection of AI or machine learning with security, privacy, or related areas.
  • Position and open-problem papers discussing the relationship of AI or machine learning to security or privacy. Submitted papers of this type may not substantially overlap with papers that have been published previously or that are simultaneously submitted to a journal or conference/workshop proceedings.
  • Systematization-of-knowledge papers, which should distill the AI or machine learning contributions of a previously-published series of security papers.

The authors can specify the paper type in the submission form. Paper submissions must be at most 10 pages in double-column ACM format, excluding the bibliography and well-marked appendices, and at most 12 pages overall. Papers should be in LaTeX and we recommend using the ACM format. This format is required for the camera-ready version. Please follow the main CCS formatting instructions (except with page limits as described above). In particular, we recommend using the sigconf template, which can be downloaded from https://www.acm.org/publications/proceedings-template. Accepted papers will be published by the ACM Digital Library and/or ACM Press. Committee members are not required to read the appendices, so the paper should be intelligible without them. Submissions must be in English and properly anonymized.

Submission Site

Submission link: https://aisec2023.hotcrp.com.

All accepted submissions will be presented at the workshop and included in the ACM workshop proceedings.

One author of each accepted paper is required to attend the workshop and present the paper for it to be included in the proceedings.

For any questions, please contact one the workshop organizers at [email protected]

Best Paper Award

As in the previous editions of this workshop, we would honor outstanding contributions. To this end, we will award the best paper. The best paper will be selected by the reviewers among all the submitted papers.

In the previous edition, Stuart Millar (Rapid7 LLC), Denis Podgurskii (OWASP), Dan Kuykendall (Rapid7 LLC), Jesus Martinez del Rincon, Paul Miller (Centre for Secure Information Technologies, Queen's University Belfast) were awarded the 2022 AISec Best Paper Award for their work on “Optimising Vulnerability Triage in DAST with Deep Learning”.


Workshop Chairs

Steering Committee

Program Committee

  • Alessandro Brighente (University of Padova)
  • Ambra Demontis (University of Cagliari)
  • Andy Applebaum (Apple)
  • Angelo Sotgiu (CINI Consortium / University of Cagliari)
  • Ankit Gangwal (IIIT Hyderabad)
  • Antonio Emanuele Cinà (University of Genoa)
  • Arjun Nitin Bhagoji (University of Chicago)
  • Azqa Nadeem (TU Delft)
  • Battista Biggio (University of Cagliari)
  • Benjamin M. Ampel (University of Arizona)
  • Bobby Filar (Sublime Security)
  • Boyang Zhang (CISPA Helmholtz Center for Information Security)
  • Brad Miller (Twitter)
  • Chawin Sitawarin (UC Berkeley)
  • Christian Wressnegger (Karlsruhe Institute of Technology (KIT))
  • Clarence Chio (UC Berkeley)
  • Clinton Cao (Delft University of Technology)
  • Daniele Angioni (Università degli Studi di Cagliari)
  • Daniël Vos (Delft University of Technology )
  • Davide Maiorca (University of Cagliari, Italy)
  • Dmitrijs Trizna (University of Genova, Microsoft, Sapienza University of Rome)
  • Dongdong She (Columbia University/HKUST)
  • Edoardo Debenedetti (ETH Zurich)
  • Erwin Quiring (ICSI Berkeley, Ruhr University Bochum)
  • Fabio De Gaspari (Sapienza University of Rome)
  • Giacomo Quadrio (University of Padova)
  • Giorgio Piras (University of Cagliari)
  • Giorgio Severi (Northeastern University)
  • Giovanni Apruzzese (University of Liechtenstein)
  • Giulio Rigoni (University of Padua)
  • Hari Venugopalan (UC Davis)
  • Ilia Shumailov (University of Oxford)
  • Javier Carnerero Cano (Imperial College London)
  • Kathrin Grosse (EPFL)
  • Kexin Pei (Columbia University)
  • Lorenzo Cavallaro (University College London)
  • Luca Demetrio (Università degli Studi di Genova)
  • Luis Muñoz-González (Imperial College London)
  • Maria Rigaki (Czech Technical University)
  • Matthew Jagielski (Google)
  • Mauro Conti (University of Padua, TU Delft)
  • Pratyusa Manadhata (Meta)
  • Raouf Kerkouche (CISPA Helmholtz Center for Information Security)
  • Sagar Samtani (Indiana University)
  • Sahar Abdelnabi (CISPA Helmholtz Center for Information Security)
  • Sam Bretheim (Craigslist)
  • Sanghyun Hong (Oregon State University)
  • Scott Coull (Google)
  • Shiqi Wang (Amazon)
  • Shrikant Tangade (University of Padova, CHRIST University)
  • Thijs van Ede (University of Twente)
  • Tobias Lorenz (CISPA Helmholtz Center for Information Security)
  • Tom Ganz (SAP SE)
  • Vera Rimmer (DistriNet, KU Leuven)
  • Vikash Sehwag (Princeton University)
  • Vinod Puthuvath (Marie Curie Fellow, Cochin University)
  • Yang Zhang (CISPA Helmholtz Center for Information Security)
  • Yash Vekaria (University of California, Davis)
  • Zied Ben Houidi (Huawei Technologies Co. Ltd.)
  • Ziqi Yang (Zhejiang University)