Cloud Threat Detection of Security Center integrates the features of popular antivirus engines, and provides you with comprehensive and real-time virus detection and protection service. This service features a unique detection model, which is based on machine learning and deep learning techniques, and large amount of threat information gathered by Alibaba Cloud.

Cloud Threat Detection checks hundreds of millions of files every day and serves millions of cloud servers.

Detection capabilities of Cloud Threat Detection

Security Center collects the process information on servers and upload it onto cloud for viruses detection. If a malicious process has been detected, you can directly stop the process and quarantine the related files.

  • Virus detection engine (self-developed by Alibaba) is built on deep learning techniques and a large amount of attack samples and protection policies. The engine specializes in detecting malicious files in the cloud, can effectively identify potential threats, and cover the shortages of traditional antivirus engines.
  • Cloud sandbox (self-developed by Alibaba) simulates cloud environments and allow you to monitor attacks from malicious samples. Based on big data analysis and machine learning modeling techniques, cloud sandbox automatically checks and detects potential threats and offers dynamic analysis and detection capabilities.
  • Integration with antivirus engines popular in the world enables the service to timely update the virus database.
  • Based on the threat data provided by Security Center, the service also integrates a server detection model to detect suspicious processes and malicious activities from various perspectives.

Supported virus types

Cloud Threat Detection provides a comprehensive solution based on the experience of Alibaba Cloud's security and defense experts. It covers data collection, masking, recognition, analysis, quarantine and recovery. You can quarantine malicious files and restore quarantined files on Security Center console.

Cloud Threat Detection can detect the following virus types :

Virus Description
Mining program A mining program illegally consumes server resources to mine virtual currencies.
Computer worm A computer worm is a malware computer program that replicates itself and spread to a large number of computers within a short time.
Ransomware Ransomware such as WannaCry uses encryption algorithms to encrypt files and prevent users from accessing their files.
Trojans A trojan is a malicious program that allows the attacker to access users' personal information, to gain control of the server, and to consume system resources.
DDoS trojan A DDoS trojan hijacks servers and uses zombie servers to launch DDoS attacks, which can interrupt your normal service.
Backdoor A backdoor is a malicious program injected by an attacker, who uses the backdoor to control the server or launch attacks.
Computer virus A computer virus is a type of malicious program that can replicate itself by modifying other programs and insert malicious code into other programs to infect the whole system.
Malicious program Programs that brings harm to a computer system and data security.


  • Reliable : Based on big data, deep learning, and machine learning techniques, the service integrates the capabilities of multiple detection engines to provide a comprehensive and real-time virus detection service.
  • Lightweight: The service only takes 1% CPU usage and 50 MB memory.
  • Real-time: The service obtains process initiation logs and monitors malicious programs in real time.
  • Easy management: You can manage all servers and view their real-time status in the Security Center console.


Virus Detection

Virus Isolation