The extreme growth of Internet resources leads to several kinds of attacks. Cybercrime is one of the dominant threats apart from data defence mechanism, which enhances the economy, resource management, and service quality. Among them, HTTP flooding attacks in the cloud are one of the most prevalent threats as it depletes the cloud resources and services. It is difficult to distinguish the anomalous traffic by extracting the actual payload since most of the payload could not be accessed as they are encrypted and varies dynamically based on the user input. Hence, the proposed method uses web server logs that can be easily accessed to detect the attacks. This study highlights the detection methods by extracting the features from the web server logs and also deals with the reduction in the dimensionality of the features using diffusion map. The anomalies are detected by affinity propagation clustering technique and also by monitoring the status of the virtual machine. Furthermore, the Dempster–Shafer theory focuses on the identification of the suspicious user. It is inferred from the experimental results that the proposed method enhances the detection performance with very few false alarms than existing methods.