Intrusion Prevention

Monitor and restrict an application's system calls.
Inspect every system call at the system call gateway.
Guards the operating system against malicious activity.
Allows us to limit or prevent the damage an adversary can cause.

Security policy:
A policy for every application determines its acceptable behavior.
A web browser may connect only to web servers.
A text editor may change data owned by the user but nothing else in the system.
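
A sketch of the per-application policy check described above, as an added example that is not part of the original notes: a simulated system call gateway applies a default-deny policy to a constructed trace. The policy names, the event fields, the use of ports 80 and 443 to stand for "web servers", and permitting read-only opens for the editor are all assumptions.

```python
from dataclasses import dataclass, field

WEB_PORTS = {80, 443}  # assumption: "web servers" means TCP ports 80 and 443

@dataclass
class Syscall:
    app: str    # policy name of the calling application (hypothetical field)
    uid: int    # user the process runs as
    name: str   # system call name, e.g. "connect" or "open"
    args: dict = field(default_factory=dict)

def browser_rule(call):
    # Web browser may connect only to web servers.
    return call.name == "connect" and call.args.get("port") in WEB_PORTS

def editor_rule(call):
    # Text editor may change data owned by the user but nothing else.
    if call.name != "open":
        return False
    if call.args.get("mode") == "r":
        return True  # assumption: a read-only open changes nothing
    return call.args.get("owner_uid") == call.uid

POLICIES = {"browser": browser_rule, "editor": editor_rule}

def gateway(call):
    """Decide one system call; anything without a matching rule is denied."""
    rule = POLICIES.get(call.app)
    return "permit" if rule is not None and rule(call) else "deny"

def audit(calls):
    """Return the denied calls, the ones worth logging or alerting on."""
    return [c for c in calls if gateway(c) == "deny"]

# Constructed sample trace (not real data).
TRACE = [
    Syscall("browser", 1000, "connect", {"host": "198.51.100.7", "port": 443}),
    Syscall("browser", 1000, "connect", {"host": "198.51.100.7", "port": 25}),
    Syscall("editor", 1000, "open", {"path": "/home/alice/notes.txt", "mode": "w", "owner_uid": 1000}),
    Syscall("editor", 1000, "open", {"path": "/etc/passwd", "mode": "w", "owner_uid": 0}),
    Syscall("editor", 1000, "connect", {"host": "198.51.100.7", "port": 80}),
    Syscall("unknown", 1000, "open", {"path": "/tmp/x", "mode": "r", "owner_uid": 1000}),
]

if __name__ == "__main__":
    for c in TRACE:
        print(f"{gateway(c):6} {c.app:8} {c.name} {c.args}")
```

An application with no policy at all is denied, which is the default-deny behavior that makes the gateway useful against software nobody has profiled.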