NICE is a multiphase distributed vulnerability detection, measurement, and countermeasure selection mechanism designed to prevent vulnerable virtual machines from being compromised in the cloud. It is built on attack graph-based analytical models and reconfigurable virtual network-based countermeasures. Attackers can explore vulnerabilities of a cloud system and compromise virtual machines to deploy further large-scale Distributed Denial-of-Service (DDoS) attacks. NICE uses OpenFlow network programming APIs to build a monitor and control plane over distributed programmable virtual switches, in order to significantly improve attack detection and mitigate attack consequences. The system and security evaluations demonstrate the efficiency and effectiveness of the proposed solution.