Are there are any draw backs of host based IDS systems?
There are three primary drawbacks of a host-based ID: (1) It is harder to correlate network traffic patterns that involve multiple computers; (2) Host-based IDSs can be very difficult to maintain in environments with a lot of computers, with variations in operating systems and configurations, and where computers are maintained by several system administrators with little or no common practices; (3) Host-based IDSs can be disabled by attackers after the system is compromised.