The　promotion　of　cloud　computing　makes　the　virtual　machine　(VM)　increasingly　a　target　of　malware　attacks　in　cybersecurity　such　as　those　by　kernel　rootkits.　Memory　forensic,　which　observes　the　malicious　tracks　from　the　memory　aspect,　is　a　useful　way　for　malware　detection.　In　this　paper,　we　propose　a　novel　TKRD　method　to　automatically　detect　kernel　rootkits　in　VMs　from　private　cloud,　by　combining　VM　memory　forensic　analysis　with　bio-inspired　machine　learning　technology.　Malicious　features　are　extracted　from　the　memory　dumps　of　the　VM　through　memory　forensic　analysis　method.　Based　on　these　features,　various　machine　learning　classifiers　are　trained　including　Decision　tree,　Rule　based　classifiers,　Bayesian　and　Support　vector　machines　(SVM).　The　experiment　results　show　that　the　Random　Forest　classifier　has　the　best　performance　which　can　effectively　detect　unknown　kernel　rootkits　with　an　Accuracy　of　0.986　and　an　AUC　value　(the　area　under　the　receiver　operating　characteristic　curve)　of　0.998.