Computing DOI 10.1007/s00607-016-0495-8 A risk mitigation approach for autonomous cloud intrusion response system Hisham A. Kholidy 1,3 · Abdelkarim Erradi 2 · Sherif Abdelwahed 3 · Fabrizio Baiardi 4 Received: 28 November 2015 / Accepted: 19 May 2016 © Springer-Verlag Wien 2016 Abstract Cloud computing delivers on-demand resources over the Internet on a pay- for-use basis, intruders may exploit clouds for their advantage. This paper presents Autonomous Cloud Intrusion Response System (ACIRS), a proper defense strategy for cloud systems. ACIRS continuously monitors and analyzes system events and computes security and risk parameters to provide risk assessment and mitigation capa- bilities with a scalable and elastic architecture with no central coordinator. It detects masquerade, host based and network based attacks and selects the appropriate response to mitigate these attacks. ACIRS is superior to NICE (Network Intrusion Detection and Countermeasure Selection system) in reducing the risk by 38 %. This paper describes the components, architecture, and advantages of ACIRS. Keywords Cloud computing · Security · Intrusion · Attacks · Masquerade · Risk assessment · Risk mitigation · Autonomic B Hisham A. Kholidy hisham_dev@yahoo.com Abdelkarim Erradi erradi@qu.edu.qa Sherif Abdelwahed sherif@ece.msstate.edu Fabrizio Baiardi baiardi@di.unipi.it 1 Department of Computer Science, Faculty of Computers and Information, Fayoum University, Fayoum, Egypt 2 Department of Computer Science and Engineering, College of Engineering, Qatar University, Doha, Qatar 3 Electrical and Computer Engineering, Mississippi State University, Starkville, MS, USA 4 Dipartimento di Informatica, Università di Pisa, Pisa, Italy 123