With the rapid development of could, its security problems emerge in large numbers. Gartner Inc. has drawn seven conclusions about the security risk of could computing, and Dengguo Feng, etc. Virtual intranet performance of virtual machine manager is important factor to keep the whole virtual platform works efficiently. This paper offers a bypass model to detect network attack in virtual machine intranet. Compare with filter model, bypass model expend very low performance of virtual machine manager. The model also allows efficient and advance detection by an external security device.