
Design a Hybrid Flooding Attacks Defense Scheme under the Cloud Computing Environment

Abstract (translated from Chinese)


The virtualization technology of cloud computing meters computing resources and provides them to users over the Internet on a pay-per-use basis. Multi-tenancy and resource sharing are its defining features, but they also carry information security risks. Among attack incidents, one of the most damaging and hardest to defend against is the flooding attack. This paper therefore proposes a mechanism for detecting hybrid flooding attacks, called HFADS, based on feature selection combined with a random forest classification model. The mechanism consists of three modules: (1) Resource Monitor Module: this module monitors CPU utilization and, when it falls below a threshold, triggers a script in the command-line tool TShark to capture network packets; (2) Data Feature Selection Module: this module imports the packets captured by TShark into the data mining tool Weka, performs three kinds of feature selection to remove irrelevant features and retain those with high weight, and passes the result on to machine learning evaluation; (3) Machine Learning Evaluation Module: this module uses a random forest classification model to detect the three common types of flooding attack: UDP, ICMP and HTTP. Simulation experiments based on these three modules were carried out using four key performance indicators (precision, recall, total accuracy and average processing time), comparing against the random forest algorithm for detecting hybrid flooding attacks proposed by Alkasassbeh et al. (M.A.). The results show that the proposed HFADS mechanism achieves better precision and recall than M.A. for the network-layer UDP and ICMP protocols and the application-layer HTTP protocol (over TCP), and also reaches a total accuracy of 99.98% (a 2% improvement) and an average processing time of 65.34 seconds (a 5.14% improvement).

English Abstract


Purpose - Cloud computing integrates large numbers of computing resources and provides them to users over the Internet on a pay-as-you-go basis. While multi-tenancy and resource sharing are its advantages, the cloud computing environment also brings new information security risks. One of the attacks with the most serious consequences, and among the hardest to defend against, is the flooding attack. Hence, this paper proposes a new scheme, HFADS, for detecting and resolving hybrid flooding attacks. Design/methodology/approach - Based on existing DDoS detection technology, this paper enhances the Random Forest algorithm of Alkasassbeh et al. (M.A.) and combines feature selection with random forest classification into the new HFADS scheme for detecting and resolving hybrid flooding attacks. HFADS is divided into three modules: (1) Resource Monitor Module, (2) Data Feature Selection Module and (3) Machine Learning Evaluation Module. Findings - Using the three HFADS modules, we performed simulations comparing HFADS with the method of Alkasassbeh et al. (M.A.) for detecting hybrid flooding attacks on four key performance indicators: precision rate, recall rate, total accuracy rate and average processing time. The results indicate that HFADS achieves better precision and recall than the M.A. method for the UDP, ICMP and HTTP (over TCP) protocols. In addition, HFADS reaches a total accuracy rate of 99.98% and an average processing time of 65.34 seconds, a 2% increase in total accuracy and a 5.14% reduction in average processing time relative to the M.A. method. Research limitations/implications - Hybrid flooding attacks are assumed to exhaust the network bandwidth and the computing resources of the server, so that the server fails to provide service under the heavy workload; other servers in the same infrastructure may also be affected, causing unpredictable losses.
Practical implications - The HFADS scheme is divided into three modules: (1) Resource Monitor Module: monitors CPU utilization and, when the CPU usage ratio is lower than the threshold value, triggers a script in the command-line tool TShark to capture network packets. (2) Data Feature Selection Module: takes the network traffic captured by TShark, imports it into the data mining tool Weka, performs three feature selections to remove irrelevant features and select those with high weight, and then evaluates them by machine learning. (3) Machine Learning Evaluation Module: uses a random forest classification model to detect three common types of flooding attacks: UDP, ICMP and HTTP. Originality/value - The proposed HFADS scheme combines feature selection and random forest classification to enhance the method of M.A. for detecting and resolving hybrid flooding attacks. The experimental results show that HFADS is better and more efficient than the M.A. method in terms of precision rate, recall rate, total accuracy rate and average processing time.

