IVT Taxonomy
Info/Context
Type: End-user documentation
Audience: Current and prospective CompanyName users
Purpose: A glossary that defines the different categories of invalid traffic (IVT) detected by CompanyName. These categories help users understand the specific threats they're facing and why CompanyName categorizes them as invalid.
CompanyName analyzes a variety of signals to determine whether traffic is valid or invalid. Based on these signals, we group different forms of invalid traffic (also known as IVT) into specific threat categories, which provide transparency into the specific traits displayed by each bid request or impression.
Each invalid bid request and impression is classified as either GIVT or SIVT, then further broken down into specific threat categories that describe why the bid request or impression is invalid. Each threat category is also divided into one or more subcategories with even more information about the kind of invalid traffic we detected; however, these subcategories are not an exhaustive list of all possible forms of IVT within the parent category.
All forms of IVT will be classified according to at least one parent category, but not all bid requests and impressions will have a corresponding subcategory. For example, one bid request might be specifically classified as “False Representation - Domain Spoofing”, but another bid request might simply be classified as “False Representation.”
General invalid traffic (GIVT)
General invalid traffic is any form of IVT that's easy to identify via routine fraud detection methods like filters and industry-standard blocklists. These invalid bid requests and impressions are often driven by simple bots or crawlers, and are not always malicious.
GIVT categories and subcategories include:
Data Center
Ad traffic that originated in data centers whose IPs are linked to invalid activity (typically non-human traffic). These IP addresses are usually included on industry lists of known data centers.
Data Center Without VPN/Proxy
Traffic that originated from a known data center and is not the byproduct of a legitimate user browsing via VPN or proxy. Most traffic that falls into this subcategory is non-human automated traffic.
TAG Data Center IP List
Data center IP addresses listed in the TAG Data Center IP List.
Known Crawler
A program or automated script that identified itself as non-human through a variety of identification mechanisms. These crawlers may be included in an industry list.
IAB Spiders
Crawlers listed in the IAB Tech Lab/ABC International Spiders and Bots List.
Irregular Pattern
Ad traffic that included one or more attributes (e.g., user cookies) associated with irregular behavioral patterns, such as non-disclosed auto-refresh traffic or duplicate clicks.
Throttlers
Ad traffic from a single entity (e.g., the same device or IP address) that occurred at such an abnormally fast rate that CompanyName’s systems had to throttle the requests in real time.
Irregular Transaction
Ad traffic whose parameters were significantly irregular, unusual, or atypical, which is often a sign of deliberate tampering.
Undeclared IP Space
Ad traffic associated with IP addresses in unregistered spaces that deviate from IANA-designated address blocks. These IP addresses are typically not valid and are likely spoofed in some manner.
Sophisticated invalid traffic (SIVT)
Sophisticated invalid traffic is a form of IVT that resembles authentic behavior. Some of these invalid bid requests are driven by malicious bots designed to evade detection; others involve misleading user interfaces that trick legitimate human users, or real bid requests whose parameters were altered. Since SIVT can’t be identified via the same routine methods used to identify GIVT, the only consistent way to detect SIVT is by using advanced tools that analyze each bid request and impression.
SIVT categories and subcategories include:
Automated Browsing
A program or automated script that requested web content (including digital ads) without user involvement and without identifying itself as a crawler.
Botnets
A coordinated group of programs or automated scripts that requested web content (including digital ads) without user involvement and without identifying themselves as crawlers.
General Automated Browsing
A program or script that requested web content (including digital ads) without user involvement and without identifying itself as a crawler, but is not part of an identified botnet.
False Representation
A bid request for inventory that differed from the actual inventory being supplied, including ad traffic where the actual ad was rendered to an unexpected website or application, or other discrepancies between the expected and actual device type, geographical location, or media type.
App Spoofing
A bid request for inventory in an application that differed from the actual application where inventory was supplied.
Domain Spoofing
A bid request for inventory on a domain that differed from the actual domain where inventory was supplied.
Emulators Masquerading as Real Devices
Ad traffic that claimed to originate from a real user device but displayed signs of emulation or other invalid device traits, like an impossible device/model combination.
Invalid Transaction Parameters*
An ad request whose transaction parameters were significantly misconfigured or malformed, often due to missing information or other benign errors.
*Per the Media Rating Council’s standards, the Invalid Transaction Parameters subcategory is classified as a form of GIVT, since this type of issue is relatively easy to detect. However, Invalid Transaction Parameters still belongs to the False Representation parent category, and this parent category is broadly classified as SIVT.
Parameter Mismatch
An ad request that had a significant mismatch between its declared and detected parameters. For example, the transacted bid request may have declared itself as an iOS device, but the impression was detected on a Windows device.
Spoofed Measurements
A bid request whose properties were modified in an attempt to conceal evidence of automated or otherwise inauthentic behavior.
Misleading User Interface
A web page, application, or other visual element that was modified to falsely include one or more ads. This includes rendering ads that are not visible to the user, injecting ads without a publisher’s consent, or tricking users into clicking on an ad.
Ad Hiding
An ad that could not be seen because it was hidden behind other ads or website content, displayed in a tiny iframe, or rendered unviewable by other means.
Invalid Placement*
An ad that was rendered inside an iframe with 0x0 dimensions, making it functionally invisible to users.
*Per the Media Rating Council’s standards, the Invalid Placement subcategory is classified as a form of GIVT, since this type of issue is relatively easy to detect. However, Invalid Placement still belongs to the Misleading User Interface parent category, and this parent category is broadly classified as SIVT.
Stacked Ads
A series of ad placements in which multiple ads were layered on top of each other, leaving only the topmost ad visible.
Undisclosed Classification
Invalid traffic that could not be classified using any of the other categories in the taxonomy, or invalid traffic with sensitive attributes that CompanyName cannot disclose.
IVT - Machine Learning Model
Invalid traffic that was identified by CompanyName’s machine learning models but could not be classified as a specific IVT category.