Abstract: Kernel malware is a serious threat to the security of the operating system. Existing kernel malware detection methods are mainly code-view based and cannot detect code reuse and code obfuscation attacks, while the few available detection methods for data attacks have limited detection capability because the data invariants they rely on are limited. To solve these problems, a kernel malware detection technique based on data characteristics is proposed. First, a kernel data object access model is built by analyzing how kernel objects are accessed while the kernel is running. Then, the process of building data characteristics is described on the basis of this model: it uses dynamic monitoring and static analysis to identify the kernel data objects, and employs EPT to monitor memory access operations in order to build the data characteristics. Finally, a kernel malware detection algorithm based on data characteristics is realized. On this groundwork, a kernel malware detection prototype system, MDS-DCB, is designed and implemented on Bitvisor, and the effectiveness and performance overhead of MDS-DCB are evaluated by comprehensive experiments. The results show that MDS-DCB can effectively detect kernel malware, and that the performance penalty it induces is acceptable.
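As an added illustration that is not the paper's code and does not claim to reproduce its exact definition of a data characteristic, the Python sketch below models the pipeline the abstract outlines: memory accesses to already-identified kernel data objects (trapped via EPT in the real system) are reduced to a per-object access characteristic during a clean run, and later accesses that fall outside that characteristic are flagged. The object names, code-region addresses and both traces are constructed; `Access`, `build_characteristics` and `detect` are hypothetical names.

```python
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Access:
    """One memory access trapped by the monitor (an EPT violation in the real system)."""
    obj: str   # identified kernel data object that was touched
    rip: int   # guest instruction pointer that performed the access
    op: str    # "r" for read, "w" for write


# Constructed (hypothetical) map of legitimate kernel code regions: name -> [lo, hi).
CODE_REGIONS = {
    "kernel_core": (0xFFFFFFFF81000000, 0xFFFFFFFF82000000),
    "module_fs":   (0xFFFFFFFFA0000000, 0xFFFFFFFFA0100000),
}


def region_of(rip):
    """Name the code region containing rip, or 'unknown' if it lies outside all of them."""
    for name, (lo, hi) in CODE_REGIONS.items():
        if lo <= rip < hi:
            return name
    return "unknown"


def build_characteristics(clean_trace):
    """Characteristic of each object: the set of (code region, op) pairs observed in a clean run."""
    chars = defaultdict(set)
    for a in clean_trace:
        chars[a.obj].add((region_of(a.rip), a.op))
    return dict(chars)


def detect(chars, trace):
    """Return the accesses whose (region, op) pair is outside the object's learned characteristic."""
    return [a for a in trace if (region_of(a.rip), a.op) not in chars.get(a.obj, set())]


# Constructed traces. Clean run: core reads the syscall table; core and the fs module touch the task list.
CLEAN_TRACE = [
    Access("sys_call_table", 0xFFFFFFFF81003210, "r"),
    Access("task_list",      0xFFFFFFFF81040000, "w"),
    Access("task_list",      0xFFFFFFFFA0000400, "r"),
]
# Monitored run: the same accesses plus a write to the syscall table from code in no known region.
MONITORED_TRACE = CLEAN_TRACE + [Access("sys_call_table", 0xFFFFFFFFC0001000, "w")]

if __name__ == "__main__":
    for alert in detect(build_characteristics(CLEAN_TRACE), MONITORED_TRACE):
        print(f"ALERT {alert.obj}: {alert.op} from {region_of(alert.rip)} at {alert.rip:#x}")
```

In the real system the trace comes from EPT violation exits rather than a list, and the characteristic would be richer than a (region, op) set, but the learn-then-compare structure is the same.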