Today, due to highly advanced attacks and intrusions, it has become very difficult to detect IoT attacks in cloud environments. Other problems with cloud systems include low error detection accuracy, false positive rates, and long computation times. In the proposed method, we present a hybrid intrusion detection model including a clustering algorithm and a machine-based random forest classification for the fog and cloud environments. Also, to control the network traffic in the physical layer and also to detect the anomalies between IoT devices, calculations are performed on the fog and the edges of the cloud, so that after preprocessing, the incoming traffic to the fog and cloud are checked and if necessary, they are directed to an anomaly detection module. A random forest-based learning classification is used to identify the type of each attack. Both the general and cloud data have been used for this research. The overall accuracy, the mean false positive rate and the anomaly detection rate of the proposed intrusion detection system are 98. 03, 17% and 96. 30 respectively, which is notable in comparison to previous methods.