Suspicion Scoring

How the integrity server decides who's cheating — probabilistic, accumulative, and resistant to false positives.

Spot-Check Mechanism

The integrity server doesn't check every operation in real time — that would be too much traffic. Instead, it performs spot-checks: periodic requests for the client to prove that specific protected variables haven't been tampered with.

Plan	Check Interval
Free	Every 10 seconds
Studio	Every 2 seconds
Competitive	Custom intervals
Publisher	Custom + event-driven

Score Accumulation

Each failed spot-check increases the player's suspicion score. The score considers:

+Mismatch magnitude — changing 100 to 999999 is more suspicious than 100 to 101.

+Frequency — a single mismatch could be a bug. Repeated mismatches are intentional.

+Variable type — health/gold mismatches are weighted higher than cosmetic values.

+Decay — suspicion decays over time. Old mismatches count less than recent ones.

Example Accumulation

Check #1: gold OK → susp: 0

Check #2: gold OK → susp: 0

Check #3: gold MISMATCH → susp: 25

Check #4: gold MISMATCH → susp: 45

Check #5: hp MISMATCH → susp: 70

Check #6: gold MISMATCH → susp: 90 → KICK

Action Thresholds

You configure what happens at each suspicion level in your dashboard:

0-30

Normal — No action. Occasional mismatches are expected.

30-60

Warning — Log to dashboard. Optionally notify via webhook.

60-80

Restrict — Increase spot-check frequency. Flag for manual review.

80+

Kick/Ban — Remove from game session. Optionally issue temporary ban.

False Positive Handling

+Accumulative model — a single mismatch never triggers action. It takes sustained tampering.

+Decay window — isolated incidents fade. Only persistent patterns persist.

+Key rotation grace period — mismatches during key transitions are ignored.

+Configurable thresholds — tune the sensitivity to your game's needs.

Dashboard Integration

All detections appear in your project dashboard in real time. You can see each player's suspicion history, which variables were flagged, the magnitude of mismatches, and the actions taken. Export detection data via the REST API or feed it into your own analytics stack.