Virtualization enables provision of resources to users according to their requirement through Infrastructure as a Service (IaaS) delivery model in cloud computing environment. Malicious users could lease cloud resources and use them as platforms to launch attacks. In this paper, we propose a Virtual Machine Introspection (VMI)-based security framework to monitor cloud users’ in-VM activities and detect malicious one if any. We justify our selection of VMI method based on hardware knowledge for proposed framework by discussing its key advantages over other VMI methods. We propose design of multi-threaded analysis component that can introspect number of virtual machines hosted on cloud servers in real time. Experimental results demonstrate that our framework performs well with a set of metrics appropriate for cloud IaaS environment.