What is Supply side platform?
A Supply-Side Platform (SSP) is a technology used by online publishers to automate the sale of their advertising space. In fraud prevention, it acts as a gatekeeper, analyzing ad requests to filter out invalid traffic like bots before the ad space is offered to advertisers. This ensures higher quality traffic and protects advertisers from click fraud.
How Supply side platform Works
USER VISIT
β
βΌ
[ Publisher's Website ] ββ> Generates Ad Request
β
βΌ
+-----------------------+
β Supply-Side Platform (SSP) β
β β
β βββββββββββββββββββββ β
β β Pre-Bid Analysis ββββ> [ Fraud Detection Module ]
β βββββββββββββββββββββ β β
β β β ββ (Block if fraudulent)
β (Valid Traffic) β
β βΌ β
β βββββββββββββββββββββ β
β β Real-Time Auction β<βββ[ Demand-Side Platforms (DSPs) ]
β βββββββββββββββββββββ β
β β β
β (Winning Bid) β
β βΌ β
+-----------------------+
β
βΌ
[ Ad Displayed to User ]
Initial Ad Request and Pre-Bid Analysis
When a user loads a webpage, an ad request containing various data points (like user’s device, location, and site URL) is sent to the SSP. Before initiating an auction, the SSP’s fraud detection module performs a pre-bid analysis. This crucial step involves scrutinizing the request against known fraud patterns, blacklists of suspicious IP addresses or devices, and behavioral heuristics. The goal is to identify and discard non-human or invalid traffic before it can enter the bidding pool. This pre-emptive filtering is essential for maintaining a high-quality ad ecosystem.
Real-Time Auction and Filtering
If the traffic is deemed valid, the SSP forwards the ad request to multiple Demand-Side Platforms (DSPs) and ad exchanges, initiating a real-time auction. DSPs, representing advertisers, submit bids for the impression. The SSP evaluates these bids and selects the highest one. Throughout this process, additional checks can occur, such as verifying the legitimacy of the bidding DSP. By filtering traffic from the supply side, publishers can ensure that their inventory remains valuable and trustworthy to advertisers, which helps maximize revenue and maintain a good reputation.
Diagram Element Breakdown
USER VISIT & Ad Request
This represents the start of the process, where a user’s browser requests to load ad content from a publisher’s site. This initial request is the raw data that the SSP will analyze.
Supply-Side Platform (SSP)
This is the core component where monetization and security logic intersect. The SSP receives the ad request from the publisher and is responsible for managing the subsequent auction and filtering processes.
Pre-Bid Analysis & Fraud Detection Module
This internal component of the SSP is dedicated to traffic quality. It uses various techniques to inspect the ad request for signs of fraud, such as bot activity, proxy usage, or unusual user agents. If fraud is detected, the request is blocked, preventing it from being sold.
Real-Time Auction
For legitimate requests, the SSP holds an auction, inviting DSPs to bid. This is where the commercial transaction happens. Its integrity depends on the quality of traffic allowed in by the pre-bid analysis.
Ad Displayed to User
The final step is the delivery of the winning advertiser’s creative to the user’s browser. A successful, fraud-free delivery validates the entire process, ensuring the advertiser reached a real user and the publisher monetized the impression fairly.
π§ Core Detection Logic
Example 1: IP Reputation Filtering
This logic checks the incoming request’s IP address against a known blacklist of fraudulent IPs. These blacklists are compiled from data centers, proxies, and IPs associated with past bot activity. It serves as a fundamental, first-line defense in the traffic protection pipeline.
FUNCTION handle_ad_request(request):
ip_address = request.get_ip()
IF is_blacklisted_ip(ip_address):
// Block the request, do not send to auction
RETURN "BLOCKED_FRAUDULENT_IP"
ELSE:
// Proceed to auction
initiate_auction(request)
ENDIF
Example 2: User-Agent Validation
This logic inspects the user-agent string sent by the browser or device. Bots often use outdated, unusual, or inconsistent user-agent strings. This rule flags or blocks requests that don’t match common, legitimate browser signatures, helping to filter out non-human traffic.
FUNCTION validate_user_agent(request):
user_agent = request.get_user_agent()
// List of known legitimate user-agent patterns
valid_patterns = ["Mozilla/5.0 (Windows NT 10.0; Win64; x64) ...", "Mozilla/5.0 (iPhone; CPU iPhone OS ..."]
is_valid = FALSE
FOR pattern IN valid_patterns:
IF user_agent.matches(pattern):
is_valid = TRUE
BREAK
ENDIF
ENDFOR
IF NOT is_valid:
RETURN "INVALID_USER_AGENT"
ELSE:
RETURN "VALID"
ENDIF
Example 3: Click Frequency Analysis
This logic monitors the number of clicks originating from a single user or IP address over a short period. An unusually high frequency of clicks is a strong indicator of bot activity or click farms. This heuristic helps detect automated clicking behavior that aims to inflate performance metrics.
FUNCTION check_click_frequency(user_id, timestamp):
// Store click timestamps for each user
user_clicks = get_clicks_for_user(user_id)
// Define time window (e.g., 60 seconds) and max clicks (e.g., 5)
time_window = 60
max_clicks = 5
recent_clicks = 0
FOR click_time IN user_clicks:
IF (timestamp - click_time) < time_window:
recent_clicks += 1
ENDIF
ENDFOR
IF recent_clicks > max_clicks:
// Flag as suspicious, potentially block future requests
RETURN "HIGH_FREQUENCY_CLICK_DETECTED"
ELSE:
// Record the new click
record_click(user_id, timestamp)
RETURN "NORMAL_CLICK"
ENDIF
π Practical Use Cases for Businesses
- Campaign Shielding β An SSP uses pre-bid filtering to block fraudulent impressions from entering the auction, ensuring that advertiser budgets are spent on reaching real, human audiences and not wasted on bots.
- Inventory Quality Protection β By continuously scanning for and blocking invalid traffic, an SSP protects a publisher’s reputation, making their ad inventory more valuable and trustworthy to premium advertisers and DSPs.
- Analytics Integrity β SSPs ensure that the traffic data passed to advertisers is clean. This leads to more accurate campaign performance metrics (like CTR and conversion rates), enabling businesses to make better strategic decisions based on reliable data.
- ROI Maximization β By filtering out low-quality and fraudulent traffic, SSPs increase the concentration of valuable impressions, which improves campaign effectiveness and ultimately delivers a higher return on ad spend (ROAS) for advertisers.
Example 1: Geolocation Mismatch Rule
This logic prevents fraud where bots use proxies to fake their location. It cross-references the IP address’s location with other signals (like device language or timezone) to ensure they align. Mismatches are flagged as high-risk.
FUNCTION check_geo_mismatch(request):
ip_location = get_location_from_ip(request.ip)
device_timezone = request.get_timezone()
// Check if the timezone is consistent with the IP's country
expected_timezones = get_timezones_for_country(ip_location.country)
IF device_timezone NOT IN expected_timezones:
// Flag as suspicious due to geo mismatch
RETURN "GEO_MISMATCH_DETECTED"
ELSE:
RETURN "GEO_VALIDATED"
ENDIF
Example 2: Session Authenticity Scoring
This logic assigns a trust score to a user session based on multiple behavioral factors. A new, short session with no mouse movement, immediate clicks, and a data center IP would receive a very low score and be blocked from the auction.
FUNCTION score_session_authenticity(session):
score = 100 // Start with a perfect score
IF is_datacenter_ip(session.ip):
score = score - 50
IF session.duration_seconds < 5:
score = score - 20
IF session.mouse_movements == 0:
score = score - 30
// A score below a certain threshold (e.g., 50) is considered fraudulent
IF score < 50:
RETURN "FRAUDULENT_SESSION"
ELSE:
RETURN "AUTHENTIC_SESSION"
ENDIF
π Python Code Examples
This Python function simulates checking for an abnormally high frequency of ad requests from a single IP address within a short time frame, a common sign of bot activity.
from collections import defaultdict
import time
REQUEST_LOGS = defaultdict(list)
TIME_WINDOW_SECONDS = 60
MAX_REQUESTS_IN_WINDOW = 10
def is_rate_limit_exceeded(ip_address):
"""Checks if an IP has made too many requests in the defined time window."""
current_time = time.time()
# Filter out timestamps older than the time window
REQUEST_LOGS[ip_address] = [t for t in REQUEST_LOGS[ip_address] if current_time - t < TIME_WINDOW_SECONDS]
# Check if the number of recent requests exceeds the limit
if len(REQUEST_LOGS[ip_address]) >= MAX_REQUESTS_IN_WINDOW:
return True
# Log the current request time and continue
REQUEST_LOGS[ip_address].append(current_time)
return False
# --- Simulation ---
test_ip = "192.168.1.100"
for i in range(12):
if is_rate_limit_exceeded(test_ip):
print(f"Request {i+1} from {test_ip}: BLOCKED (High Frequency)")
else:
print(f"Request {i+1} from {test_ip}: ALLOWED")
This script filters incoming ad traffic by checking if the request's user agent is on a blocklist of known bots or non-standard browsers, a simple yet effective filtering technique.
KNOWN_BOT_USER_AGENTS = {
"Googlebot",
"Bingbot",
"AhrefsBot",
"SemrushBot",
"PhantomJS", # Headless browser often used for scraping/bots
}
def filter_by_user_agent(request_headers):
"""Returns True if the user agent is a known bot, False otherwise."""
user_agent = request_headers.get("User-Agent", "")
for bot_agent in KNOWN_BOT_USER_AGENTS:
if bot_agent in user_agent:
return True # Is a known bot
return False # Not a known bot
# --- Simulation ---
traffic_requests = [
{"User-Agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36..."},
{"User-Agent": "Googlebot/2.1 (+http://www.google.com/bot.html)"},
{"User-Agent": "Mozilla/5.0 (compatible; AhrefsBot/7.0; +http://ahrefs.com/robot/)"}
]
for req in traffic_requests:
if filter_by_user_agent(req):
print(f"Blocking request with User-Agent: {req['User-Agent']}")
else:
print(f"Allowing request with User-Agent: {req['User-Agent']}")
Types of Supply side platform
- Pre-Bid Filtering SSPs
These platforms focus on analyzing and blocking invalid traffic before the ad request is sent to the auction. They use techniques like IP blacklisting and user-agent analysis to discard fraudulent impressions early, ensuring that only high-quality traffic is offered to buyers. This is the most common and effective type for preventing ad fraud. - Post-Bid Analysis SSPs
These SSPs analyze traffic after the ad has been served and an impression has been recorded. While less effective at preventing initial budget waste, they identify fraudulent patterns and sources by analyzing performance metrics like suspiciously high click-through rates with zero conversions. This data is used to update pre-bid filters for future auctions. - Hybrid SSPs
A hybrid model combines both pre-bid blocking and post-bid analysis. It provides real-time protection by filtering traffic before the auction while also using post-impression data to learn from and adapt to new, more sophisticated fraud techniques. This offers a comprehensive and continuously improving defense mechanism. - Curation-Focused SSPs
These platforms specialize in creating premium, fraud-free inventory packages for advertisers. They go beyond basic filtering by actively curating traffic from high-quality, vetted publishers and enriching it with valuable first-party data. This guarantees brand safety and maximum performance, attracting premium advertisers who are willing to pay higher prices for trusted inventory.
π‘οΈ Common Detection Techniques
- IP Reputation Analysis β This technique involves checking the IP address of an incoming ad request against global databases of known malicious IPs, such as those from data centers, VPNs, or botnets. It's a quick and effective first-line defense to block obviously non-human traffic.
- Behavioral Heuristics β This method analyzes user behavior within a session to distinguish humans from bots. It looks for patterns like unnaturally fast clicks, no mouse movement, or immediate bounces across multiple pages, which are strong indicators of automated, fraudulent activity.
- Device and Browser Fingerprinting β This technique collects various attributes from a user's device and browser (e.g., operating system, browser version, screen resolution, installed fonts) to create a unique ID. It helps detect bots that try to mask their identity or generate multiple fake impressions from a single machine.
- Data Center and Proxy Detection β Since many bots operate from servers in data centers rather than residential IP addresses, this technique identifies and blocks traffic originating from known data center IP ranges. This effectively eliminates a large volume of common bot traffic.
- Ads.txt and Sellers.json Validation β These IAB-backed standards provide transparency in the supply chain. SSPs use ads.txt to verify that they are authorized to sell a publisher's inventory and sellers.json to confirm the identity of the entities they work with, preventing domain spoofing and unauthorized reselling.
π§° Popular Tools & Services
| Tool | Description | Pros | Cons |
|---|---|---|---|
| Integrated SSP Fraud Solution | A built-in fraud detection module offered directly within a major supply-side platform. It analyzes traffic in real-time before auctions. | Seamless integration, real-time pre-bid blocking, often included in the platform fee. | May lack the specialized focus of third-party tools, detection methods can be generic. |
| Third-Party Verification Service | A specialized, independent service that integrates with an SSP to provide advanced fraud detection, viewability scoring, and brand safety analysis. | Highly specialized and accurate, offers unbiased measurement, often MRC-accredited. | Adds extra cost, can introduce minor latency to the ad-serving process. |
| Traffic Curation Platform | A platform that filters traffic from multiple sources and bundles it into high-quality, fraud-vetted packages for advertisers to purchase. | Focuses on delivering premium, brand-safe inventory, improves advertiser trust. | Limited scale compared to open exchanges, inventory may be more expensive. |
| Custom In-House Solution | A proprietary fraud detection system developed and maintained by a large publisher or ad network. It uses custom rules and machine learning models. | Fully customizable to specific traffic patterns and business needs, no third-party fees. | Requires significant engineering resources to build and maintain, slow to adapt to new global fraud trends. |
π KPI & Metrics
Tracking Key Performance Indicators (KPIs) is crucial for evaluating the effectiveness of an SSP's fraud prevention efforts. It's important to monitor not only the accuracy of the detection technology but also its direct impact on business outcomes, such as ad spend efficiency and revenue protection.
| Metric Name | Description | Business Relevance |
|---|---|---|
| Invalid Traffic (IVT) Rate | The percentage of ad requests identified and blocked as fraudulent by the SSP before an auction. | Indicates the volume of fraud being successfully filtered and the overall quality of incoming traffic. |
| False Positive Rate | The percentage of legitimate impressions that are incorrectly flagged as fraudulent by the detection system. | A high rate can lead to lost revenue for publishers by unnecessarily blocking valid traffic. |
| Ad Spend Waste Reduction | The amount of advertising budget saved by preventing bids on fraudulent or non-viewable impressions. | Directly measures the financial ROI of the fraud protection system for advertisers. |
| Clean Traffic Ratio | The proportion of total traffic that passes all fraud checks and is considered high-quality and viewable. | Helps publishers demonstrate the value of their inventory and attract premium advertisers. |
These metrics are typically monitored through real-time dashboards and logs provided by the SSP or integrated third-party verification tools. Feedback from these metrics is essential for continuously optimizing fraud filters, adjusting detection rules, and improving the overall health of the advertising ecosystem.
π Comparison with Other Detection Methods
Detection Point and Speed
An SSP detects fraud "pre-bid," meaning it filters traffic before an advertiser ever spends money on an impression. This is much faster and more efficient than post-bid analysis or campaign monitoring tools, which identify fraud after the ad has already been served and paid for. This proactive approach prevents wasted ad spend at the source.
Accuracy and Scope
Compared to a Demand-Side Platform's (DSP) filtering, an SSP has a broader view of all traffic coming from a publisher's site, not just the traffic a single advertiser bids on. While third-party verification services may offer more specialized analysis, the SSP's integrated approach allows it to block suspicious traffic universally for all potential buyers, creating a cleaner marketplace overall.
Effectiveness Against Bots
SSPs are highly effective against common and general invalid traffic (GIVT), such as data center bots and simple scripts, which they can filter out at scale. However, they may be less effective against sophisticated invalid traffic (SIVT), where behavioral analytics tools might have an edge. Behavioral tools excel at detecting fraud that mimics human actions, which can sometimes bypass the initial infrastructure-level checks of an SSP.
β οΈ Limitations & Drawbacks
While a Supply-Side Platform is a critical defense against ad fraud, it has limitations and is not a complete solution. Its effectiveness can be constrained by the sophistication of fraud schemes and certain technical trade-offs inherent in the real-time bidding process.
- Sophisticated Bot Evasion β Advanced bots can mimic human behavior so well that they bypass standard pre-bid checks, making them difficult for an SSP to detect alone.
- Latency Issues β Adding multiple layers of fraud analysis can increase the processing time (latency) for each ad request, potentially causing the SSP to lose out on auction opportunities.
- False Positives β Overly aggressive filtering rules may incorrectly flag legitimate, niche, or new sources of traffic as fraudulent, leading to lost revenue for publishers.
- Limited View of Buyer Side β An SSP has a deep view of its own inventory but lacks visibility into the buyer's campaign goals or post-click conversion data, which can provide additional signals of fraud.
- Attribution Fraud Blindspot β SSPs are primarily focused on impression-level fraud and are less effective at detecting attribution fraud (like click injection or SDK spoofing), which occurs further down the conversion funnel.
In cases of sophisticated or attribution-focused fraud, a hybrid approach that combines SSP filtering with specialized third-party verification and post-bid analysis is often more suitable.
β Frequently Asked Questions
How does an SSP's fraud detection differ from a DSP's?
An SSP detects fraud at the source (pre-bid), filtering all traffic from a publisher before it's offered to any buyer. A DSP filters on behalf of a specific advertiser, analyzing only the impressions that align with that advertiser's campaign criteria. SSPs provide broader, foundational protection for the entire marketplace.
Can an SSP guarantee 100% fraud-free traffic?
No, 100% prevention is not realistic. While SSPs are effective at blocking a significant amount of invalid traffic, especially general invalid traffic (GIVT), some sophisticated invalid traffic (SIVT) designed to mimic human behavior can still get through. A multi-layered approach is always recommended.
Does using an SSP for fraud detection cause delays in ad loading?
It can introduce a very small amount of latency, typically measured in milliseconds. SSPs are optimized to perform these checks extremely quickly to avoid significant delays in the real-time bidding auction. The benefit of filtering out fraud generally outweighs the minor performance impact.
What happens when an SSP detects fraudulent traffic?
When an SSP identifies an ad request as fraudulent, it is typically dropped or blocked immediately. The request is not passed on to the ad exchanges or DSPs for auction, meaning no advertiser has the chance to bid on it, thus preventing wasted ad spend.
How do SSPs keep up with new types of ad fraud?
SSPs continuously update their fraud detection methods by using machine learning algorithms, partnering with third-party security firms, and analyzing vast amounts of traffic data to identify new malicious patterns. They also adopt industry standards like ads.txt to combat emerging threats like domain spoofing.
π§Ύ Summary
A Supply-Side Platform (SSP) serves as a fundamental layer of defense in digital advertising by acting as a gatekeeper for publishers' ad inventory. Its core role in traffic protection is to analyze and filter out fraudulent and non-human traffic before it enters the real-time bidding auction. By performing pre-bid analysis, an SSP prevents advertisers' budgets from being wasted on invalid clicks and ensures the integrity and value of the publisher's inventory.