fraud0 Detection Methodology – How We Identify Invalid Traffic (IVT)
This article explains the methodology behind fraud0’s detection system.
It describes how every website visit is analyzed in real time and how multiple layers of checks work together to identify invalid traffic (IVT).
It is part of the fraud0 Academy and forms the technical foundation for On-Site vs. In-Ad Measurement.
Why detecting IVT matters
Invalid traffic (IVT) includes visits that do not originate from real human users — from simple bots to advanced automation that imitates human behavior.
Separating these sessions is essential because IVT:
Distorts metrics like conversion rate and engagement.
Inflates campaign performance and wastes budget.
Pollutes audience and remarketing segments.
fraud0’s detection methodology is designed to uncover both General Invalid Traffic (GIVT) and Sophisticated Invalid Traffic (SIVT) as defined by the Media Rating Council (MRC).
Real-time detection
fraud0 analyzes each visit as it happens.
No sampling. No delay.
The tag running on your website (and, where active, in-ad environments) sends behavioral and technical signals to our analysis engine.
All checks execute in parallel to ensure decisions are made within the active session.
Multi-layer detection process
fraud0 combines several independent detection layers.
Each layer produces its own score.
The system then aggregates these scores in real time to classify the session.
1. Device & Browser Layer
This layer verifies the technical integrity of the visitor’s environment to identify abnormal or manipulated setups that may indicate automation or spoofing.
We analyze signals such as:
Device type, operating system, and browser consistency
Hardware and sensor data (e.g., CPU cores, GPU, device memory)
Browser fingerprints and automation traces (headless browsers, emulators, spoofed settings)
Tampered or impossible configurations (e.g., Android reporting 119 CPU cores)
fraud0 uses hundreds of hidden honey-pot elements and over 2000 cybersecurity challenges to verify browser integrity (fraud0.com/technology).
2. Behavior Layer
This layer analyzes how visitors interact with your site to identify natural human behavior versus automated or replayed actions.
We evaluate:
Mouse movement, scrolling patterns, and typing rhythm
Interaction timing (reaction times, click cadence, dwell time)
Navigation flow and event sequences
Anomalies like perfectly timed actions, uniform movement, or non-random idle periods
These signals feed into an entropy-based anomaly model that increases the likelihood of a bot classification when movement patterns appear synthetic.
3. Network & Context Layer
This layer examines how and where visitors connect to detect coordinated, anonymized, or data-center traffic patterns often linked to automated activity.
We inspect factors such as:
IP and network reputation — whether connections originate from trusted or high-risk sources
Use of proxies or anonymization tools — including VPNs or similar services
Connection consistency and frequency — to identify repeated or synchronized access patterns
Geographic and time-zone alignment — ensuring visitor locations make sense for your expected audience
Scoring & Classification
All layers feed into a scoring engine that weighs each signal and calculates an overall confidence score:
The outcome is one of three states:
Classification | Description |
|---|---|
Human | The combined evaluation of all detection signals exceeds the threshold for human confidence. |
Bot | The aggregated evaluation of all analyzed signals has met or surpassed the threshold for non-human activity. |
Suspicious | Signals are incomplete or mixed, not meeting the thresholds for either human or bot. |
Bot Rate = (Bot Sessions ÷ Total Sessions) × 100
This scoring approach ensures decisions rely on the complete set of signals across all layers, not any single indicator.
Rule stability and adaptation
fraud0 does not manually adjust thresholds or maintain static blacklists.
Changes in bot rates reflect real shifts in observed traffic patterns.
Detection logic adapts automatically through continuous learning — without changing the underlying methodology.
Relation to measurement layers
This methodology powers both on-site and in-ad measurement.
The detection principles remain the same; only the data source differs.
To understand where detection happens and what each layer uncovers, see:
→ [On-Site vs. In-Ad Measurement]
Key takeaway
fraud0’s detection methodology uses a multi-layer, real-time approach to verify every visit.
It evaluates the browser, device, behavior, and network environment to classify traffic accurately while minimizing false positives.
This ensures a balanced system that protects your analytics integrity and advertising efficiency.