The rate of acceptance of clouds each year is making cloud computing the leading IT computational technology. While cloud computing can be productive and economical, it is still vulnerable to different types of external threats, one of which is a denial of service (DoS) attack. Taking the cloud providers’ security services could cause disputes and involvement of hidden costs. Rather than depending on cloud providers, we have proposed a model, called flooding attack protection architecture (FAPA), to detect and filter packets when DoS attacks occur. FAPA can run locally on top of the client’s terminal and is independent of the provider’s cloud machine. In FAPA, detection of denial of service is accomplished through traffic pattern analysis and it removes flooding by filtering. Both in the cloud and on the cluster, our experimental results demonstrated that FAPA was able to detect and filter packets to successfully remove a DoS attack.