← Back to Docs

Suspicion Scoring

How the integrity server decides who's cheating — probabilistic, accumulative, and resistant to false positives.

Spot-Check Mechanism

The integrity server doesn't check every operation in real time — that would be too much traffic. Instead, it performs spot-checks: periodic requests for the client to prove that specific protected variables haven't been tampered with.

Check interval, sampling rate, and event-driven triggers are all configurable on the self-hosted integrity server. Typical deployments range from sub-second intervals for competitive multiplayer to 10-second spot-checks for casual titles. Because you host the server, the tradeoff between bandwidth, latency, and detection coverage is fully under your control.

Score Accumulation

Each failed spot-check increases the player's suspicion score. The score considers:

+Mismatch magnitude — changing 100 to 999999 is more suspicious than 100 to 101.
+Frequency — a single mismatch could be a bug. Repeated mismatches are intentional.
+Variable type — health/gold mismatches are weighted higher than cosmetic values.
+Decay — suspicion decays over time. Old mismatches count less than recent ones.
Example Accumulation
Check #1: gold OK → susp: 0
Check #2: gold OK → susp: 0
Check #3: gold MISMATCH → susp: 25
Check #4: gold MISMATCH → susp: 45
Check #5: hp MISMATCH → susp: 70
Check #6: gold MISMATCH → susp: 90 → KICK

Action Thresholds

You configure what happens at each suspicion level in your dashboard:

0-30
NormalNo action. Occasional mismatches are expected.
30-60
WarningLog to dashboard. Optionally notify via webhook.
60-80
RestrictIncrease spot-check frequency. Flag for manual review.
80+
Kick/BanRemove from game session. Optionally issue temporary ban.

False Positive Handling

+Accumulative model — a single mismatch never triggers action. It takes sustained tampering.
+Decay window — isolated incidents fade. Only persistent patterns persist.
+Key rotation grace period — mismatches during key transitions are ignored.
+Configurable thresholds — tune the sensitivity to your game's needs.

Dashboard Integration

All detections appear in your project dashboard in real time. You can see each player's suspicion history, which variables were flagged, the magnitude of mismatches, and the actions taken. Export detection data via the REST API or feed it into your own analytics stack.