Detection of network botnet attacks based on machine learning and knowledge transfer technologies
Abstract
Introduction: Improving network information protection tools goes hand in hand with developing tools for intelligent monitoring of system state and network interaction, which increases the observability of corporate information systems. A pressing issue is to assess whether pre-trained machine learning models can be applied to new network traffic datasets (using transfer learning) and whether they can be operated in real infrastructures to detect a narrow class of network attacks, taking as an example the interaction between compromised hosts and botnet command-and-control servers.
Purpose: To improve models and algorithms, based on machine learning technologies (including deep learning), for detecting the network traffic of botnet command-and-control infrastructures in corporate information systems.
Results: We develop a prototype of an intelligent network attack detection system that collects and pre-processes network session data, interacts with the operational control and information security monitoring center, prepares data for training local analysis models, and manages their life cycle. We propose an algorithm for traffic preparation and preprocessing and for hyperparameter optimization of binary classifiers. The experimental results (F1-measure = 0.71) confirm that the proposed models, trained on one dataset, can be successfully applied to another dataset from the highly specialized domain of botnet control traffic. A distinctive feature is the use of transfer learning for deep neural network models, which increases the efficiency of detecting specialized network attacks by 16–21%.
Practical relevance: Transfer learning makes it possible to accumulate knowledge about attacks on various information infrastructures within a single neural network model, which increases the efficiency and reliability of detecting botnet control traffic and improves the security of client corporate information systems.
Discussion: Further improvement in the detection of specialized network attacks is possible through more complex neural network models that involve federated transfer learning technologies.
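The cross-dataset protocol the abstract describes (train a binary classifier on one botnet-traffic dataset, apply it to a second dataset as is, then fine-tune it there with hyperparameters chosen on a validation split, and score everything by F1) as an added, self-contained illustration. This is not the paper's model, data or code: the three per-session features, both "datasets", the logistic-regression learner (a stand-in for the paper's deep models) and the hyperparameter grid are all constructed here so that the script runs offline.

```python
"""Cross-dataset evaluation of a binary botnet-C2 session classifier.

Added illustration, not the paper's model, data or code. Session features,
both "datasets" and the learner (logistic regression, a stand-in for the
paper's deep models) are constructed here so the script runs offline.
"""
import math
import random

# Per-session features, all constructed and scaled to [0, 1]:
#   periodicity - regularity of inter-packet timing (beaconing score)
#   bytes_ratio - bytes out / (bytes in + bytes out)
#   small_pkts  - share of packets shorter than 100 bytes
FEATURES = 3


def make_sessions(rng, n, bot_periodicity, benign_periodicity):
    """Constructed dataset: alternating C2 sessions (label 1) and benign (0).
    The periodicity ranges are the only thing that differs between domains,
    i.e. the distribution shift between two traffic datasets."""
    rows = []
    for i in range(n):
        label = i % 2
        lo, hi = bot_periodicity if label else benign_periodicity
        periodicity = lo + (hi - lo) * rng.random()
        bytes_ratio = 0.2 + 0.6 * rng.random()                     # weak, overlapping signal
        small_pkts = (0.5 if label else 0.2) + 0.5 * rng.random()  # mildly informative
        rows.append(([periodicity, bytes_ratio, small_pkts], label))
    return rows


def sigmoid(z):
    return 1.0 / (1.0 + math.exp(-z))


def logit(model, x):
    w, b = model
    return sum(wi * xi for wi, xi in zip(w, x)) + b


def predict(model, x):
    return 1 if sigmoid(logit(model, x)) >= 0.5 else 0


def train(rows, lr, epochs, init=None):
    """Batch gradient descent on logistic loss. `init` is the transfer step:
    start from weights learned on another dataset instead of from zeros."""
    w, b = ([0.0] * FEATURES, 0.0) if init is None else (list(init[0]), init[1])
    n = len(rows)
    for _ in range(epochs):
        grad_w, grad_b = [0.0] * FEATURES, 0.0
        for x, y in rows:
            err = sigmoid(logit((w, b), x)) - y
            for j in range(FEATURES):
                grad_w[j] += err * x[j]
            grad_b += err
        w = [wj - lr * gj / n for wj, gj in zip(w, grad_w)]
        b -= lr * grad_b / n
    return w, b


def f1_from_counts(tp, fp, fn):
    """F1 = 2PR/(P+R); defined as 0 when nothing is detected."""
    if tp == 0:
        return 0.0
    precision = tp / (tp + fp)
    recall = tp / (tp + fn)
    return 2 * precision * recall / (precision + recall)


def f1_score(model, rows):
    tp = fp = fn = 0
    for x, y in rows:
        p = predict(model, x)
        if p == 1 and y == 1:
            tp += 1
        elif p == 1 and y == 0:
            fp += 1
        elif p == 0 and y == 1:
            fn += 1
    return f1_from_counts(tp, fp, fn)


def run_experiment(seed=7):
    """Train on 'dataset A', score zero-shot and after fine-tuning on 'dataset B'."""
    rng = random.Random(seed)
    source = make_sessions(rng, 400, (0.80, 1.00), (0.00, 0.50))  # dataset A
    target = make_sessions(rng, 200, (0.55, 0.80), (0.00, 0.45))  # dataset B, shifted
    tgt_train, tgt_val, tgt_test = target[:40], target[40:80], target[80:]

    source_model = train(source, lr=1.0, epochs=400)
    zero_shot = f1_score(source_model, tgt_test)          # A-model applied to B as is

    # Assumed hyperparameter grid for the fine-tuning step, selected on the
    # target validation split, never on the test split.
    best = None
    for lr in (0.1, 0.5, 1.0):
        for epochs in (50, 200):
            candidate = train(tgt_train, lr, epochs, init=source_model)
            score = f1_score(candidate, tgt_val)
            if best is None or score > best[0]:
                best = (score, lr, epochs, candidate)
    _, lr, epochs, transferred = best
    scratch = train(tgt_train, lr, epochs)                # same budget, no transfer
    return {
        "source_f1": f1_score(source_model, source),
        "zero_shot_f1": zero_shot,
        "transfer_f1": f1_score(transferred, tgt_test),
        "scratch_f1": f1_score(scratch, tgt_test),
        "lr": lr,
        "epochs": epochs,
    }


if __name__ == "__main__":
    for name, value in run_experiment().items():
        print(f"{name}: {value:.3f}" if isinstance(value, float) else f"{name}: {value}")
```

The three F1 values on the target test split are the ones worth comparing: `zero_shot_f1` is what a model shipped from one infrastructure achieves on another without adaptation, `transfer_f1` is the same model after fine-tuning on a small labeled sample of the new traffic, and `scratch_f1` is a model trained only on that small sample with the same budget. Because the data here is constructed and cleanly separable, the absolute numbers say nothing about the paper's F1 of 0.71; the point is the procedure, in particular that hyperparameters are chosen on a held-out validation split and the test split is touched only once.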