EpochZero Learn
EpochZero LearnMulti-Domain Tech Learning Hub
Courses
LeaderboardAbout
Dashboard
EpochZero
EpochZero Learn
Multi-Domain Tech Learning Hub

Structured learning for Reverse Engineering, Cloud Security, Cryptography, and Web Development. Articles, videos, tests, and peer discussion.

Learn

  • Learning Path
  • All Articles
  • Video Lessons
  • Podcast
  • eBooks & PDFs
  • Question Banks
  • Cheatsheets
  • MCQ Banks

Tests & Forum

  • All Tests
  • REMA Tests
  • Cloud Tests
  • Forum
  • REMA Forum
  • Cloud Forum
  • Crypto Forum
  • Web Dev Forum

Campus

  • REMA Club
  • Full Stack Dev Club
  • Extension Activity
  • Events
  • CTF Competitions
  • Workshops
  • Industrial Visits

Platform

  • Dashboard
  • Leaderboard
  • About
  • Verify Certificate

© 2026 EpochZero Learn. Educational content for learning purposes.

Course Instructor: Ashish Revar

All articles
research-methodologyacademic-writingcitationsreferencing

Citations and Referencing Styles

A citation is not a formality. It is an evidence claim: "this source supports what I just said." Getting the format right matters, but getting the content right — that the source actually says what the citation implies — matters more.

Ashish Revar7 July 202610 min read1 views

Sign in to mark this article as read and track your progress.

More articlesTest your knowledge

What a Citation Claims

Before getting into formats, it is worth being precise about what citing a source actually does. When a sentence claims something and ends with a citation, the citation is an implicit promise: the cited source supports the claim. A common error is citing a paper for a finding it doesn't actually make, or citing a secondary source when the claim comes from the original study the secondary source describes. Examiners and peer reviewers spot this quickly, and it undermines the credibility of the whole report.

APA 7th Edition

APA is author-date: the in-text citation names the author and year, and the reference list provides the full entry.

In-text: (Smith & Jones, 2021) or Smith and Jones (2021) found that... When quoting directly, include the page: (Smith & Jones, 2021, p. 14)

Journal article in reference list:

Smith, A., & Jones, B. (2021). Detecting lateral movement with graph neural networks.
  Journal of Information Security, 14(3), 112–128. https://doi.org/10.xxxx/xxxx

Conference paper:

Patel, R. (2022). Federated anomaly detection under non-IID distributions.
  In Proceedings of the IEEE Symposium on Security and Privacy (pp. 45–58). IEEE.

Grey literature — MITRE ATT&CK page:

MITRE. (2024). Technique T1059: Command and scripting interpreter.
  MITRE ATT&CK. https://attack.mitre.org/techniques/T1059/

Include an access date for ATT&CK pages because MITRE updates them: Retrieved July 7, 2026, from https://...

IEEE Style

IEEE uses numbered in-text citations: [1], [2], assigned in order of first appearance. The reference list is numbered in the same order.

Journal article:

[1] A. Smith and B. Jones, "Detecting lateral movement with graph neural networks,"
    J. Inf. Security, vol. 14, no. 3, pp. 112–128, 2021.

Conference paper:

[2] R. Patel, "Federated anomaly detection under non-IID distributions,"
    in Proc. IEEE Symp. Security Privacy, 2022, pp. 45–58.

IEEE abbreviates journal names (J., Proc., vol., no., pp.) and omits DOIs from the reference list itself, though including them is increasingly common.

BibTeX and LaTeX

BibTeX is the bibliography management format used with LaTeX. Each entry has a type (@article, @inproceedings, @techreport), a citation key chosen by the author, and a set of fields.

@article{smith2021lateral,
  author    = {Smith, Alice and Jones, Bob},
  title     = {Detecting lateral movement with graph neural networks},
  journal   = {Journal of Information Security},
  year      = {2021},
  volume    = {14},
  number    = {3},
  pages     = {112--128},
  doi       = {10.xxxx/xxxx}
}

The citation key (smith2021lateral) is what appears in the LaTeX document as \cite{smith2021lateral}. The bibliography style (APA, IEEE, Vancouver) is chosen separately with a \bibliographystyle{} command, so the same .bib file works for multiple output formats.

For a GitHub repository cited as a software source:

@misc{cuckoo2023,
  author       = {{Cuckoo Sandbox Project}},
  title        = {Cuckoo Sandbox},
  year         = {2023},
  howpublished = {\url{https://cuckoosandbox.org}},
  note         = {Accessed: 7 July 2026}
}

Grey Literature and Technical Reports

Security research frequently cites sources that don't fit neatly into "journal article" or "conference paper": CERT-In advisories, MITRE ATT&CK and CVE entries, vendor threat intelligence reports, and government frameworks like NIST SP 800 series. These are grey literature — authoritative but not peer-reviewed.

Citing them is legitimate and often necessary; ignoring them because they aren't in a journal database would omit the most current and most operationally relevant sources in security research. The rule is to be transparent: label them as what they are (government report, vendor advisory, framework documentation), include enough information for the reader to retrieve the same version, and don't treat them as equivalent evidence to a peer-reviewed controlled study.

Check Your Understanding

A methodology section states: "This study follows NIST's definition of an intrusion detection system [7]." The reference [7] is a conference paper from 2017 that happens to mention NIST's definition in passing. Identify the citation error and explain what the correct approach would be.