The number of papers submitted to academic conferences is steadily rising in many scientific disciplines. To handle this growth, systems for automatic paper-reviewer assignments are increasingly used during the reviewing process. These systems use statistical topic models to characterize the content of submissions and automate the assignment to reviewers. In this paper, we show that this automation can be manipulated using adversarial learning. We propose an attack that adapts a given paper so that it misleads the assignment and selects its own reviewers. Our attack is based on a novel optimization strategy that alternates between the feature space and problem space to realize unobtrusive changes to the paper. To evaluate the feasibility of our attack, we simulate the paper-reviewer assignment of an actual security conference (IEEE S&P) with 165 reviewers on the program committee. Our results show that we can successfully select and remove reviewers without access to the assignment system. Moreover, we demonstrate that the manipulated papers remain plausible and are often indistinguishable from benign submissions.

翻译：在众多科学学科中，提交至学术会议的论文数量持续增长。为应对这一增长，审稿过程中越来越多地采用自动论文-审稿人分配系统。这些系统利用统计主题模型来刻画投稿内容特征，并自动完成审稿人的分配。本文证明，这种自动化过程可能被对抗学习所操纵。我们提出了一种攻击方法，通过调整给定论文使其误导分配机制，从而自主选择审稿人。该攻击基于一种新颖的优化策略，在特征空间与问题空间之间交替迭代，以实现对论文不易察觉的修改。为评估攻击的可行性，我们模拟了一个实际安全会议（IEEE S&P）的论文-审稿人分配过程，其程序委员会包含165名审稿人。结果表明，我们无需访问分配系统即可成功选择并排除特定审稿人。此外，实验证明被操纵的论文仍保持合理外观，且通常难以与正常投稿区分。