A Real -Time Interactive Visualization System for DNS Amplification Attack Challenges

Abstract

Domain Name Service (DNS) amplification attack has become a serious issue for network security because small queries can generate massive amounts of UDP packets in response to flood the target server. This paper presents our work to develop a real-time interactive visualization system (RTIVS) for DNS amplification attack to help administrators visualize and analyze traffic, and detect the DNS amplification attack. The design of the RTIVS is based on the characteristics of the DNS amplification attack. It provides two modes that are a manual mode and an automatic mode to support reasoning and identify DNS amplification attacks. A graphic user interface is implemented to allow administrators to easily monitor network activity and analyze the large amount of UDP packets in real time. The interactive GUI also supports combination of the administrator's knowledge, experience and judgment into the system.