The purpose of this study is to analyze the existing timing covert channels detection methods. Preventive measures are often used to counteract storage covert channels, such as traffic encryption and transmitted packets length normalization. Methods, that do not affect the functioning of legitimate communication channels are more preferable in the case of timing covert channels, since preventive measures lead to more tangible consequences for the operation of the entire system. One of the non- preventative measures is detection. The task of detecting covert channels in the protected system is reduced either to the task of searching for patterns in the traffic flow, or to the task of comparing the tested sample with the "reference" one. A "reference" sample is a sample with a guaranteed absence of a functioning covert channel. The machine learning algorithms in the context of the problem of network covert channels detection are discussed. There are three cases of work of methods for detecting network timing covert channels, based on machine learning algorithms. The cases differ depending on the knowledge of the protected system. The general scheme of operation of such methods for three cases is given. The result of the analysis of existing methods is the conclusion about the need to improve them for the most realistic case – the absence of both "reference" traffic and traffic with a guaranteed presence of a covert channel. The described problems show a promising direction in the field of research on methods of countering information leakage through network covert channels.