Cloud infrastructures are prone to various anomalies due to their ever-growing complexity and dynamics. Monitoring behavior of dynamic resource management systems is necessary to guarantee cloud reliability. In this paper, we present AMAD, a system designed for detecting an abusive use of dynamic virtual machine migration, in the case of the abusive virtual machine migration attack. This attack is performed by malicious manipulation of the amounts of resources consumed by Virtual Machines (VMs). AMAD identifies the VMs possibly at the origin of the attack by analyzing resource consumption profiles of the VMs to detect the fluctuating and highly correlated ones. We have implemented AMAD on top of the VMware ESXi platform and evaluated it both on our lab platform and under real cloud configurations. Our results show that AMAD pinpoints the attacking VMs which were intentionally injected in our experimentations, with high accuracy.