As the foundation of cloud computing, virtualization technology’s security problems are gained more and more attention of the specialists with the development of cloud computing. This paper presents a virtual machine system kernel intrusion detection system, which use the introspection technology provided by Xen hypervisor to get internal states of kernel of the virtual machine. To achieve the goal of monitoring the kernel and preventing it from being compromised. This system can effectively defend the case of attack that dynamically modifies the kernel code and kernel unchanged data structure.