This work focuses on how a malicious user could attack customers who share physical resources, using co-residence profiling and public-to-private IP mapping to target them. The malicious user's attack consists of resource placement (a VM) on the target's physical machine and extraction from the target's physical machine. The proposed work relies on clustering user accounts and workloads, by mussel self-organization, to reduce co-residence profiling. Users with similar behavior and workload types belong to the same cluster. To obscure the public-to-private IP map, each cluster is supervised and used by an account proxy. Each proxy uses one public IP address, which is used by all clustered users when accessing their instances, and maintains the mapping to private IP addresses. This work explains the set of capabilities and attack paths that an attacker needs in order to launch an attack for targeted co-residence. It shows how our approach disrupts the critical steps in the attack path for most cases and then performs a risk assessment to determine the probability that an individual user will be victimized, given that a successful non-directed exploit has occurred.