Okay... I don't know what's causing these connections.
The mach kernel is a central part of the core of the XNU, the operating system kernel of OS X. Mach is entirely built on communications, too. If you want to see how XNU is structured including the mach bits, Apple has provided the Darwin open source package — that's the XNU kernel, packaged as open source.
OS X 10.9 is comparatively old, and I'd encourage a move forward from there. If you're particularly concerned about security, please don't stay on older versions, and particularly on versions that have largely or entirely fallen off support.
As for root kits and UEFI malware and firmware hacks, sure, but are you really worth using the top-shelf stuff? No offense intended here, but — if you're asking this sort of question here in these forums — you're probably not worth using those sorts of tools. (And I'd tend to expect the better stuff around would either detect and unhook Little Snitch, or would otherwise bury its traffic.)
As for connections to the Internet, all sorts of stuff does that — legitimately or otherwise — and mach is at the core of the entire operating system. Which ports are the network connections going to? TCP 80 and/or 443, as I'd expect? If you're particularly interested, use some of the available tcpdump or TLS MITM tools to dump out the network traffic. But here, I'd suspect that this is either checking for web data or generating a Safari thumbnail or related, or there's something local running that's checking (RSS, etc).
If you suspect the operating system has been compromised, wipe the disk and reinstall. Based on what you're describing here — if this network access is secondary to a breach (and which I'd tend to doubt, at least for now) — then wipe-and-reload-from-distro is the recovery path. Don't load anything from the old system, other than (maybe) documents. Now if you're an bona fide target for somebody with a budget to be interested in you and thus for root kits and the worst of the rest of the dreck, then physically destroy the system hardware and buy a new computer, preferably from a random Apple store or Apple vendor. Then get help from folks that specialize in higher-level security. (Not kidding here, either.)
As for Little Snitch and the rest (and not intending to disparage — they do have their uses), I'd usually just remove those tools for most folks — they're often effectively providing the same Paranoia as a Service (PaaS) as implemented via antivirus with popups, and — when certain connections are incorrectly blocked — both sorts of tools can provide flaky app or system behavior.