IVT Taxonomy
How we categorize the different threats that face the advertising ecosystem.
HUMAN analyzes a variety of signals to determine whether traffic is valid or invalid. Based on these signals, we group different forms of invalid traffic (also known as IVT) into specific threat categories, which provide transparency into the specific traits displayed by each bid request or impression.
Each invalid bid request and impression is either classified as GIVT or SIVT, then further broken down into specific threat categories that describe why the bid request or impression is invalid. Each threat category is also divided into one or more subcategories with even more information about the kind of invalid traffic we detected; however, these subcategories are not an exhaustive list of all possible forms of IVT within the parent category.
Note
All forms of IVT will be classified according to at least one parent category, but not all bid requests and impressions will have a corresponding subcategory. For example, one bid request might be specifically classified as “False Representation - Domain Spoofing”, but another bid request might simply be classified as “False Representation.”
General invalid traffic (GIVT)
General invalid traffic is any form of IVT that's easy to identify via routine fraud detection methods like filters and industry-standard blocklists. These invalid bid requests and impressions are often driven by simple bots or crawlers, and are not always malicious.
GIVT categories and subcategories include:
Data Center
Ad traffic that originated in data centers whose IPs are linked to invalid activity (typically non-human traffic). These IP addresses are usually included on industry lists of known data centers.
Data Center with no VPN or Proxy Detected
Traffic that originated from a known data center and is not the byproduct of a legitimate user browsing via VPN or proxy. Most traffic that falls into this subcategory is non-human automated traffic.
TAG Data Center IP List
Data center IP addresses listed in the TAG Data Center IP List.
Known Crawler
A program or automated script that identified itself as non-human through a variety of identification mechanisms. These crawlers may be included in an industry list.
IAB Spiders
Crawlers listed in the IAB Tech Lab/ABC International Spiders and Bots List.
Irregular Pattern
Ad traffic that included one or more attributes (e.g., user cookies) associated with irregular behavioral patterns, such as non-disclosed auto-refresh traffic or duplicate clicks.
Repeat Transactions
An ad request with identical or near-identical attributes was presented multiple times within a short time span or continues to repeat over a long period of time (e.g., hours).
Sophisticated invalid traffic (SIVT)
Sophisticated invalid traffic is a form of IVT that resembles authentic behavior. Some of these invalid bid requests are driven by malicious bots designed to evade detection; others involve misleading user interfaces that trick legitimate human users or real bid requests whose parameters were altered. Since SIVT can’t be identified via the same routine methods used to identify GIVT, the only consistent way to detect SIVT is by using advanced tools that analyze each bid request and impression.
SIVT categories and subcategories include:
Automated Browsing
A program or automated script that requested web content (including digital ads) without user involvement and without identifying itself as a crawler.
Botnets
A coordinated group of programs or automated scripts that requested web content (including digital ads) without user involvement and without identifying themselves as crawlers.
General Automated Browsing
A program or script that requested web content (including digital ads) without user involvement and without identifying itself as a crawler, but is not part of an identified botnet.
False Representation
A bid request for inventory that differed from the actual inventory being supplied, including ad traffic where the actual ad was rendered to an unexpected website or application, or other discrepancies between the expected and actual device type, geographical location, or media type.
App Spoofing
A bid request for inventory in an application that differed from the actual application where inventory was supplied.
Domain Spoofing
A bid request for inventory on a domain that differed from the actual domain where inventory was supplied.
Emulators Masquerading as Real Devices
Ad traffic that claimed to originate from a real user device but displayed signs of emulation or other invalid device traits, like an impossible device/model combination.
Invalid Transaction Parameters*
An ad request whose transaction parameters were significantly misconfigured or malformed, often due to missing information or other benign errors.
Note
Per the Media Rating Council’s standards, the Invalid Transaction Parameters subcategory is classified as a form of GIVT, since this type of issue is relatively easy to detect. However, Invalid Transaction Parameters still belongs to the False Representation parent category, and this parent category is broadly classified as SIVT.
Parameter Mismatch
An ad request that had a significant mismatch between its declared and detected parameters. For example, the transacted bid request may have declared itself as an iOS device, but the impression was detected on a Windows device.
Spoofed Measurements
A bid request whose properties were modified in an attempt to conceal evidence of automated or otherwise inauthentic behavior.
Misleading User Interface
A web page, application, or other visual element that was modified to falsely include one or more ads. This includes rendering ads that are not visible to the user, injecting ads without a publisher’s consent, or tricking users to click on an ad.
Ad Hiding
An ad that could not be seen because it was hidden behind other ads or website content, displayed in a tiny iframe, or rendered unviewable by other means.
Invalid Placement*
An ad that was rendered inside an iframe with 0x0 dimensions, making it functionally invisible to users.
Note
Per the Media Rating Council’s standards, the Invalid Placement subcategory is classified as a form of GIVT, since this type of issue is relatively easy to detect. However, Invalid Placement still belongs to the Misleading User Interface parent category, and this parent category is broadly classified as SIVT.
Stacked Ads
A series of ad placements in which multiple ads were layered on top of each other, leaving only the topmost ad visible.
Undisclosed Classification
Invalid traffic that could not be classified using any of the other categories in the taxonomy, or invalid traffic with sensitive attributes that HUMAN cannot disclose.
IVT - Machine Learning Model
Invalid traffic that was identified by HUMAN’s machine learning models but could not be classified as a specific IVT category.
Updated 12 days ago