Abstract:
This paper proposes algorithms for detecting attacks in enterprise networks based on the analysis of network traffic. The CICIDS2017 dataset was used to compare machine learning methods for binary classification (attack or regular traffic), as well as for multiclass classification to identify the classes of typical attacks such as DoS/DDoS, PortScan, BruteForce, WebAttack, Bot and Infiltration. The balanced accuracy score is used as the main metric for assessing the accuracy of classification. The main advantage of this metric is that it adequately estimates the accuracy of classification algorithms given the strong imbalance in the number of labeled records for each class in the dataset. As a result of the experiment, it was found that the CatBoost and LightGBM algorithms work well for both binary classification and multiclass classification of malicious traffic into several attack groups.
Date of Conference: 08-14 September 2019
Date Added to IEEE Xplore: 14 October 2019
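
An added illustration of the metric choice described in the abstract (not code from the paper): balanced accuracy computed as the unweighted mean of per-class recall, compared with plain accuracy on constructed, heavily skewed label counts. The counts, the "Benign" label for regular traffic and both hypothetical classifiers are assumptions made for this example.

```python
from collections import Counter

def per_class_recall(y_true, y_pred):
    """Recall for every class present in y_true: correct / total of that class."""
    totals = Counter(y_true)
    hits = Counter(t for t, p in zip(y_true, y_pred) if t == p)
    return {c: hits[c] / totals[c] for c in totals}

def accuracy(y_true, y_pred):
    """Fraction of records labelled correctly, dominated by the largest class."""
    return sum(t == p for t, p in zip(y_true, y_pred)) / len(y_true)

def balanced_accuracy(y_true, y_pred):
    """Unweighted mean of per-class recall, so every class counts equally."""
    recalls = per_class_recall(y_true, y_pred)
    return sum(recalls.values()) / len(recalls)

# Constructed label counts (not CICIDS2017 figures): heavy skew toward regular traffic.
COUNTS = {"Benign": 9000, "DoS/DDoS": 800, "PortScan": 150, "Bot": 40, "Infiltration": 10}

def build_labels(counts):
    """Expand {class: count} into a flat list of ground-truth labels."""
    return [c for c, n in counts.items() for _ in range(n)]

def predict_with_misses(y_true, missed):
    """Hypothetical classifier: correct except for classes in `missed`, which it calls Benign."""
    return ["Benign" if t in missed else t for t in y_true]

Y_TRUE = build_labels(COUNTS)
# Model A never flags anything; model B misses only the two rarest attack classes.
Y_ALL_BENIGN = ["Benign"] * len(Y_TRUE)
Y_MISS_RARE = predict_with_misses(Y_TRUE, {"Bot", "Infiltration"})

if __name__ == "__main__":
    for name, pred in [("all-benign", Y_ALL_BENIGN), ("misses rare", Y_MISS_RARE)]:
        print(f"{name:12s} accuracy={accuracy(Y_TRUE, pred):.3f} "
              f"balanced={balanced_accuracy(Y_TRUE, pred):.3f}")
```

A detector that is blind to the rarest attack classes still scores 0.995 on plain accuracy here, while balanced accuracy drops to 0.6 and exposes the missed classes.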