Existing models and methods of intrusion detection are mostly aimed at detecting intensive attacks, do not take into account the security of computer system resources and the properties of information flows. This limits the ability to detect anomalies in computer systems and information flows in a timely manner. The latest monitoring and intrusion detection solutions must take into account self-similar and statistical traffic characteristics, deep packet analysis, and the time it takes to process the information. An analysis of properties traffic and data collected at nodes and in the network was performed. Based on the analysis traffic parameters that will be used as indicators for intrusion detection were selected. A method of intrusion detection based on packet statistical analysis is described and simulated. A comparative analysis of binary classification of fractal time series by machine learning methods is performed. We consider classification by the example of different types of attack detection in traffic implementations. Random forest with regression trees and multilayer perceptron with periodic normalization were chosen as classification methods. The experimental results showed the effectiveness of the proposed methods in detecting attacks and identifying their type. All methods showed high attack detection accuracy values and low false positive values. © 2022, The Author(s), under exclusive license to Springer Nature Switzerland AG.