The cloud threat detection feature provided by Security Center is integrated with major antivirus engines. The feature detects threats based on large amounts of threat intelligence data provided by Alibaba Cloud. The feature also provides an exception detection module designed by Alibaba Cloud that detects threats based on machine learning and deep learning. These capabilities of the cloud threat detection feature enable both full-scale and dynamic antivirus protection for your assets.

The cloud threat detection feature scans hundreds of millions of files on a daily basis and protects millions of servers on the cloud.

Detection capabilities

Security Center uses the Security Center agent to collect process information and scans the retrieved data for viruses. If a malicious process is detected, you can stop the process and quarantine the source files.

  • Deep learning engine developed by Alibaba Cloud: The deep learning engine is built on deep learning technology and a large number of attack samples. The engine detects malicious files on the cloud and automatically identifies potential threats to supplement traditional antivirus engines.
  • Cloud sandbox developed by Alibaba Cloud: The cloud sandbox feature allows you to simulate cloud environments and monitor attacks launched by malicious samples. The cloud sandbox feature automatically detects threats and offers dynamic analysis and detection capabilities based on big data analytics and machine learning modeling techniques.
  • Integration with major antivirus engines: The cloud threat detection feature is integrated with major antivirus engines and updates its virus library in real time.
  • Threat intelligence detection: The cloud threat detection feature works with the exception detection module to detect malicious processes and operations based on threat intelligence data provided by Alibaba Cloud Security.

Detectable virus types

The cloud threat detection feature is developed based on the security technologies and expertise of Alibaba Cloud. The feature provides end-to-end security services, including threat intelligence collection, data masking, threat identification, threat analysis, and malicious file quarantine and restoration. You can quarantine and restore files that contain viruses in the Security Center console.

The cloud threat detection feature can detect the following types of viruses.

Virus Description
Mining program A mining program consumes server resources and mines cryptocurrency without authorization.
Computer worm A computer worm uses computer networks to replicate itself and spread to a large number of computers within a short period of time.
Ransomware Ransomware, such as WannaCry, uses encryption algorithms to encrypt files and prevent users from accessing the files.
Trojan A trojan is a program that allows an attacker to access information about servers and users, gain control of the servers, and consume system resources.
DDoS trojan A DDoS trojan hijacks servers and uses zombie servers to launch DDoS attacks, which interrupts your service.
Backdoor A backdoor is a malicious program injected by an attacker. Then, the attacker can use the backdoor to control the server or launch attacks.
Computer virus A computer virus inserts malicious code into normal programs and replicates the code to infect the whole system.
Malicious program A malicious program may pose threats to system and data security.


  • Self-developed and controllable: The cloud threat detection feature is based on deep learning, machine learning, and big data analytics with a large number of attack and defense practices. The feature uses multiple detection engines to dynamically protect your assets against viruses.
  • Lightweight: The cloud threat detection feature consumes only 1% of CPU resources and 50 MB of memory.
  • Dynamic: The cloud threat detection feature dynamically retrieves startup logs of processes to monitor the startup of viruses.
  • Easy to manage: You can manage all servers and view their status at any time in the Security Center console.



Select a detection type


Quarantine the source files of malicious processes


Restore quarantined files

Threat detection limits

When Security Center detects risks, it sends security alerts to you without delay. You can manage security alerts, scan for vulnerabilities, analyze attacks, and perform configuration assessment in the Security Center console. Security Center can also analyze alerts and automatically trace attacks. This reinforces the security of your assets. To protect your assets against attacks, we recommend that you regularly install the latest security patches on your server, and use other security services along with Security Center, such as Cloud Firewall and Web Application Firewall (WAF).

Note Due to the evolution of attacks and viruses, and the variation of workload environments, security breaches may occur. We recommend that you use the alerting, vulnerability detection, baseline check, and configuration assessment features provided by Security Center to protect your assets against attacks.