This article explores a practical problem facing most junior researchers in hot computer science fields, especially in the areas of systems and network security. I'm attempting to analyze and address a significant challenge in the career of a computer security researcher, which is finding the key to successful continuous publication in what's known to be the top-tier conference phenomena. 

Now, let's understand what is a top-tier conference in computer security? A top-tier conference is a research symposium that has a thorough and often lengthy review process (stretching to nearly three months from submission to notification) with a general consensus amongst the researcher that identify it as a top-tier conference. There's really no specific criteria for being top-tier. It's sometimes the acceptance rate, that varies from year to year but is often below 20% and usually near 15%. What makes a conference a top-tier one is the researchers' consensus about it being a top-tier conference! As a result, the publications receive high citation counts and their results are thought to be more interesting than others. In case of computer security, these conferences are USENIX Security Symposium, IEEE Security and Privacy Conference (commonly known as Oakland), Network and Distributed System Security Symposium (NDSS), and ACM Conference on Computer and Communication Security (CCS). 

As the low acceptance rate and the number of submissions to these conferences suggest, there's a considerable interest in publishing in these conferences while the program committees have the luxury of hand-picking papers from amongst a large number of good publications. There are a number of issues with the publication/review process for top-tier conferences. There are cases where papers flow from one rejection to another among these conferences and get published somewhere else with a lot less attention. The program committee in these conferences doesn't really change. Many names overlap and the program committee club has unannounced quality expectations that are mysterious to junior researchers. I have heard from some with unsuccessful attempts that their strategy to finally get a paper accepted in one of the top four is to rapidly write papers and go for one full round of submissions to all the four conferences. The rationale is, well, I might get lucky and my paper may get accepted one day!

I think this top-tier conference problem is an NP-complete search problem. To see why, let P={p1, p2, p3, …} be the set of all interesting problems that are relevant to publications of the last four years in each of the four top-tier conferences mentioned above. I don't have a proof, but I claim that P is not infinitely large. Also, consider that R is a super set of P that represents the set of all possible problems to solve that are relevant to computer security. I claim that R is infinitely large. For a junior scientist, the first step towards a top-tier acceptance is to discover an element of P. For this, the following algorithm is used by many researchers.

Algorithm: Problem Selection

foreach p  R

     Analyze p, develop a model, implement your model, perform experiments

    Write a paper describing your work in the previous step

    Submit your paper to the first deadline within range 

    If your paper was accepted, then add p to Q, where  P. Stop. 

As you might notice,  the above problem selection algorithm is basically a brute-force method to discover an element of the set P, which may not even terminate. This is of course the most naive approach, and the acceptance rates suggest that an estimated 60%--80% of attempts to submit to the top four follows this algorithm and possibly terminates with a Ctl+C signal. But who knows, you may get the right p on the first iteration!

This is not even the complete picture of the problem. The first step in the loop of the problem selection algorithm is where chances of rejection increase. Frankly, it's not clear what structure of a research is most desired in the top four, neither is it clear what marks the completion of the first step. As a result, many papers will enqueue the review pool with a complete chance of rejection and the reason is that the junior researcher is not aware of the desirable style and is not experienced enough to tell what is acceptable by the community as a final draft. Thus, many executions of this naive algorithm are fundamentally flawed and a complete loop of the algorithm never gets executed. This will in turn result in missing an actual p that could be collected as an interesting problem. 

It remains an undocumented wisdom the actual criteria that if satisfied will lead to a successful acceptance, at least with a full round of submission to the top for.