The LOGTITAN ML module is an MLlib-based Bayesian clustering module for detecting threats. MLlib is Spark's machine learning (ML) library.
The machine learning component of LOGTITAN contains routines for performing suspicious-connection analyses on traffic data. These analyses consume a collection of firewall events and produce a list of the events considered least probable; these are treated as the most suspicious.
LOGTITAN infers a probabilistic model for the network behavior of each IP address. Each network log entry is assigned an estimated probability (score) by the model. The events with lower scores are flagged as “suspicious” for further analysis.
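As an added illustration of the scoring idea above (not LOGTITAN's code, which runs on Spark MLlib), here is a minimal per-IP probabilistic model in plain Python: a Dirichlet-smoothed categorical distribution over each source IP's (destination port, protocol, action) behaviour, with each event scored by its estimated probability and the lowest scores ranked first. The event tuples are constructed, and `PerIpModel` and its smoothing parameter `alpha` are assumptions, not the product's API.

```python
from collections import Counter, defaultdict

# Constructed firewall events (not real traffic): (src_ip, dst_port, proto, action)
EVENTS = (
    [("10.0.0.5", 443, "tcp", "allow")] * 8
    + [("10.0.0.5", 22, "tcp", "deny")]
    + [("10.0.0.7", 53, "udp", "allow")] * 5
    + [("10.0.0.7", 443, "tcp", "allow")]
    + [("10.0.0.9", 80, "tcp", "allow")] * 3
    + [("10.0.0.9", 3389, "tcp", "allow")]
)


class PerIpModel:
    """Dirichlet-smoothed categorical model of each source IP's behaviour (assumed design)."""

    def __init__(self, alpha=1.0):
        self.alpha = alpha                  # pseudo-count given to unseen behaviour
        self.counts = defaultdict(Counter)  # src_ip -> Counter of (port, proto, action)
        self.vocab = set()                  # every feature tuple observed for any IP

    def fit(self, events):
        for src, *feat in events:
            feat = tuple(feat)
            self.counts[src][feat] += 1
            self.vocab.add(feat)
        return self

    def score(self, event):
        """Estimated probability of the event given its source IP's own history.
        Smoothing keeps never-seen behaviour at a small but non-zero probability,
        so a brand-new (port, proto, action) for an IP scores lowest of all."""
        src, *feat = event
        hist = self.counts.get(src, Counter())  # unknown IP -> uniform over vocab
        total = sum(hist.values())
        return (hist[tuple(feat)] + self.alpha) / (total + self.alpha * len(self.vocab))

    def most_suspicious(self, events, k=3):
        """Distinct events ordered by ascending score: least probable first."""
        scored = [(self.score(e), e) for e in dict.fromkeys(events)]
        scored.sort(key=lambda pair: pair[0])
        return scored[:k]


if __name__ == "__main__":
    model = PerIpModel().fit(EVENTS)
    for prob, event in model.most_suspicious(EVENTS):
        print(f"{prob:.3f}  {event}")
```

With the constructed data, the single SSH deny from 10.0.0.5 (an IP that otherwise only talks HTTPS) ranks as the least probable event, ahead of the one-off HTTPS connection from the DNS-only host.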