In this talk, provenance-based intrusion detection will be discussed. We are building a full stack solution to perform host-based intrusion detection using information flow graph to represent a system execution. The talk will cover topics ranging from the kernel instrumentation to capture the relevant data, to the ML techniques used to perform the analysis. Published material and source code relating to this project can be found online at http://camflow.org.