Carleton University - School of Computer Science Honours Project
Fall 2019
Extended Berkeley Packet Filter for Intrusion Detection Implementations
William Findlay
ABSTRACT
System introspection is becoming an increasingly attractive option for maintaining operating system stability and security. This is primarily due to recent advances in system introspection technology; in particular, the introduction of eBPF (Extended Berkeley Packet Filter) into the Linux kernel (first posted as patches in 2013 and merged in 2014, in Linux 3.15, with the bpf() system call following in 3.18), together with the more recent development of usable front ends such as bcc (BPF Compiler Collection), has produced a highly compelling, performant and, perhaps most importantly, safe subsystem for instrumenting both the kernel and userland: every eBPF program is statically checked by the in-kernel verifier before it is allowed to run. The proposed thesis seeks to test the limits of what eBPF programs can do in the domain of computer security. Specifically, I present ebpH, an eBPF-based intrusion detection system modeled on Anil Somayaji's pH (Process Homeostasis). Preliminary testing has shown that ebpH can detect anomalies in process behavior by instrumenting system call tracepoints, with negligible overhead. Future work will involve testing and iterating on the ebpH prototype to extend its functionality.
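The detection logic the abstract alludes to, as an added example that is not code from the ebpH project: pH profiles a program as the set of lookahead pairs (distance, earlier call, current call) observed in its system call sequence during training, and then flags any call whose pairs are absent from the profile, tracking recent anomalies in a locality frame. The window size (9), locality frame size (128) and the exponential delay response are taken from Somayaji's pH and are assumptions about what ebpH adopts; the system call traces below are constructed, not captured. In ebpH the per-process sequence would be gathered in the kernel by eBPF programs attached to system call tracepoints (the abstract does not name which ones; raw_syscalls:sys_enter is one plausible choice), whereas this example replays a trace in userspace.

```python
"""pH-style lookahead-pair anomaly detection over a system call sequence.

Added example, not ebpH's own code. Profile training and testing follow
Somayaji's pH; the constants and the delay schedule are assumptions.
"""
from collections import deque

WINDOW = 9        # current call plus the 8 preceding calls (pH default, assumed)
LOCALITY = 128    # number of recent calls whose anomalies are counted (assumed)
TOLERANCE = 3     # locality frame count above which a response kicks in (assumed)


class Profile:
    """Per-executable profile: every (distance, earlier, current) pair seen in training."""

    def __init__(self, window=WINDOW):
        self.window = window
        self.pairs = set()
        self.calls_trained = 0

    @staticmethod
    def lookahead_pairs(seq, window):
        """Yield (index, distance, earlier_call, current_call) for each call in seq."""
        for i, cur in enumerate(seq):
            for d in range(1, window):
                if i - d < 0:
                    break
                yield (i, d, seq[i - d], cur)

    def train(self, seq):
        """Record every lookahead pair of a sequence considered normal."""
        for _, d, prev, cur in self.lookahead_pairs(seq, self.window):
            self.pairs.add((d, prev, cur))
        self.calls_trained += len(seq)

    def mismatches(self, seq):
        """Per-call count of lookahead pairs missing from the profile (0 means normal)."""
        counts = [0] * len(seq)
        for i, d, prev, cur in self.lookahead_pairs(seq, self.window):
            if (d, prev, cur) not in self.pairs:
                counts[i] += 1
        return counts


def delay_ticks(lfc, tolerance=TOLERANCE):
    """Response: slow the process exponentially once recent anomalies exceed tolerance (assumed)."""
    return 2 ** lfc if lfc > tolerance else 0


def monitor(profile, seq, locality=LOCALITY):
    """Replay seq through the profile; return (index, call, mismatches, lfc, delay) per anomalous call."""
    frame = deque(maxlen=locality)   # 1 for an anomalous call, 0 otherwise
    events = []
    for i, mism in enumerate(profile.mismatches(seq)):
        frame.append(1 if mism else 0)
        lfc = sum(frame)              # locality frame count: anomalies among recent calls
        if mism:
            events.append((i, seq[i], mism, lfc, delay_ticks(lfc)))
    return events


# Constructed traces standing in for a small file-reading utility (not captured data).
NORMAL_RUNS = [
    ["execve", "brk", "mmap", "openat", "read", "read", "close", "write", "exit_group"],
    ["execve", "brk", "mmap", "openat", "read", "close", "write", "write", "exit_group"],
]
# Same program, but the read is replaced by network activity it never performed in training.
ANOMALOUS_RUN = ["execve", "brk", "mmap", "openat", "read", "socket", "connect", "write", "exit_group"]


def build_profile():
    profile = Profile()
    for run in NORMAL_RUNS:
        profile.train(run)
    return profile


def demo_normal():
    """Replaying a training run yields no anomalies."""
    return monitor(build_profile(), NORMAL_RUNS[0])


def demo_anomalous():
    """The injected socket/connect calls, and the calls that follow them, are flagged."""
    return monitor(build_profile(), ANOMALOUS_RUN)


if __name__ == "__main__":
    print("normal run:", demo_normal())
    for index, call, mism, lfc, delay in demo_anomalous():
        print(f"call {index} {call}: {mism} missing pairs, lfc={lfc}, delay={delay} ticks")
```

Note that the calls after the injected ones (write, exit_group) are also flagged, because their lookahead pairs now reach back to socket and connect; this is why pH measures anomalies over a locality frame rather than per call, and why the delay response only starts once the frame count passes a tolerance.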