“So think of a host beaconing out to a C2 (command-and-control) site on a regularly scheduled basis,” he tells Dark Reading. “If an analyst can isolate the suspect host, they can eyeball a graph to see that they’re reaching out to this host regularly. But with a big data approach, you can create a rule that computes and analyzes the interval between sessions and determines whether we’re talking about normal human activity, or machine-generated — which is innocuous — or scheduled activity like malware might do.”
via RSA, IBM Bet On Big Data Analytics To Boost Security – Dark Reading.
I recently caught a piece of malware on a PC on my open wifi doing something similar.
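The interval rule described in the quote, sketched as an added example (not code from RSA, IBM or the article): it groups sessions by source and destination, computes the gaps between consecutive sessions, and flags pairs whose gaps are nearly constant. The log records, host names and the `min_sessions` and `max_cv` thresholds are constructed assumptions.

```python
import statistics
from collections import defaultdict

# Constructed sample session log: (epoch_seconds, src_host, dst_host).
SAMPLE_SESSIONS = (
    # 10.0.0.5 contacts c2.example about every 300 s with a few seconds of jitter
    [(1000 + 300 * i + j, "10.0.0.5", "c2.example")
     for i, j in enumerate([0, 2, -1, 3, 0, -2, 1, 2])]
    # 10.0.0.7 reaches news.example at irregular, human-like times
    + [(t, "10.0.0.7", "news.example")
       for t in [1000, 1012, 1090, 1700, 1715, 2900, 2960, 4100]]
    # 10.0.0.9 has too few sessions to judge either way
    + [(t, "10.0.0.9", "cdn.example") for t in [1000, 1600]]
)

def interval_stats(timestamps):
    """Return (mean_gap, coefficient_of_variation) for a list of session times."""
    ts = sorted(timestamps)
    gaps = [b - a for a, b in zip(ts, ts[1:])]
    mean = statistics.mean(gaps)
    # CV = stddev / mean: near 0 means the gaps are almost identical.
    cv = statistics.pstdev(gaps) / mean if mean > 0 else float("inf")
    return mean, cv

def classify_pairs(sessions, min_sessions=6, max_cv=0.1):
    """Label each (src, dst) pair by how regular its session intervals are.

    min_sessions and max_cv are illustrative thresholds, not tuned values.
    """
    by_pair = defaultdict(list)
    for ts, src, dst in sessions:
        by_pair[(src, dst)].append(ts)
    results = {}
    for pair, times in by_pair.items():
        if len(times) < min_sessions:
            results[pair] = ("insufficient-data", None, None)
            continue
        mean, cv = interval_stats(times)
        label = "scheduled" if cv <= max_cv else "irregular"
        results[pair] = (label, round(mean, 1), round(cv, 3))
    return results

if __name__ == "__main__":
    for pair, verdict in sorted(classify_pairs(SAMPLE_SESSIONS).items()):
        print(pair, verdict)
```

A "scheduled" verdict only says the timing is regular; innocuous machine-generated traffic such as update checks looks the same, so the destination still has to be reviewed. Traffic with deliberately randomized intervals raises the CV, so `max_cv` trades missed detections against false positives.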