Detection of malicious traffic can be challenging. Network intrusion detection systems are one of the tools that can be used in order to detect traffic, but many IDSs rely on static signatures that can be avoided relatively easy by attackers. In this thesis we explore the potential of using machine learning in order to classify exploit kit traffic. We have created a machine learning system that aims to detect exploit kit traffic based on analyzing HTTP logs only. By using existing machine learning algorithms we have investigated the performance of such a system and developed it in a lightweight manner to be potentially used as a complement to a traditional IDS. The system shows relatively good performance in detecting exploit kit traffic considering that it only uses features extracted from HTTP traffic logs. However, the system in its current state does not perform well enough to be directly applied in a realistic setting. In order to improve the performance it seems necessary to include features from additional sources that do not require too much processing power such as passive DNS. The thesis concludes that the system have potential to become a good complement to an IDS, but it requires additional improvements to be used in a network deployment.