The article considers a possibility of using machine learning technologies to detect network connections of malicious programs based on the detection of anomalies. The classification of network connections of malicious software is carried out based on statistical signs during data transmission that occur at the transport and network levels of the OSI model. It is proposed to use machine learning technologies to assess the probability of detecting malware based on their network activity