Abstract:In order to solve the problems that the existing DNS traffic analysis is limited by large data in complex large-scale networks, and the current visual analysis is not yet applied to DNS traffic analysis, a DNS traffic analysis model based on trend to domain and request information(TDRI) is proposed. The combined with network security and visual analysis method of big data, a multi view association DNS traffic visual analysis system based on TDRI DNS traffic analysis model is designed and implemented. First, the long-term and massive DNS traffic data of complex large-scale real networks are observed and analyzed. Then, a DNS traffic analysis model that includes DNS traffic eigenvalue time-series trend, request domain, and domain request information is abstracted and presented from three perspectives of requester, domain and request. Finally, based on the proposed DNS flow analysis model, the DNS traffic visual analysis system, which includes data selection and interrelated interactive view, is designed to support the analysis process of DNS traffic data driven by the problem analysis. The multi-view associated DNS traffic visual analysis system based on TDRI is applied to the real environment of campus network, which helps analysts find malicious access behavior in the network from DNS traffic and maliciousbehavior for DNS.The experimental results show that the proposed analysis method can improve the efficiency of DNS traffic analysis in the large-scale network environment and analyze the malicious behavior in the DNS traffic, which provides a guarantee for the safe and stable operation of the campus network DNS.