The elasticity and abundant availability of computational resources are attractive to intruders exploit cloud vulnerabilities and were able to launch attacks against legitimate users to gain access to private and privileged information. The Intrusion Detection Systems are presented as a possible solution for protection; however, to effectively protect the cloud users, IDS should have the ability to expand rapidly by increasing or decreasing the amount or sensors, the measure of cloud resources are available, and isolating the access to infrastructure and the system levels. Protection against internal threats should also be planned, as most protection systems do not identify them correctly. In order to solve these problems, we present the EICIDS - Elastic and Internal Cloud-based Intrusion Detection System, which monitors the internal cloud environment, entering data capture sensors on the local network of user´s VMs, and therefore, able to detect suspicious behavior of users. For this, the EICIDS uses the characteristics of virtual machines such as fast boot, fast recovery, stop or pause of VM, migrate between different hosts and execution across multiple platforms, to monitor and protect the cloud computing environment and keep up with the growth or reduction cloud, in order to save resources.