The growth of malware utilizing encrypted channels makes it challenging to detect malicious activity using current Network Intrusion Detection Systems (NIDSs). The current network intrusion detection systems utilize pattern matching algorithms to identify malware artifacts in the network traffic. In Transport Layer Security (TLS) encrypted networks, limited amount of data are available for the NIDS. This obstacle is exploited by malware authors to evade detection. In this thesis, we are looking into using machine learning classification algorithms to recognize malware communication within TLS channels without having to decrypt the network traffic. In the last few years, an increase in research has been looking into solutions for this problem using classification algorithms. We extend the existing research by identifying features in the TLS traffic that is resilient to evasion techniques used by more advanced types of malware. Advanced malware is more problematic to detect with traditional NIDSs since they try to evade these systems by generating traffic that is similar to ordinary corporate traffic. Features identified as resilient towards these evasion techniques are those describing the malware behavior in TLS encrypted traffic. Extracting behavior artifacts are performed with a mature NIDS and Network Security Monitoring (NSM) system called Suricata and Metadata Collector, a tool developed as a part of this thesis. With efficient classification algorithms, we can overcome some major challenges of NIDS face today.