possible UDP attack on BIND?

It looks to me your server is being used in a DNS amplification attack.
I don't know the pricing model of Amazon EC2, but I'd be surprised if this traffic didn't count.

It works like this:
Someone is sending a DNS query to your server with the spoofed IP 108.162.233.15.
Your server answers this query to the real victim - 108.162.233.15.
The query is pretty small, but the answer is quite big (check dig -t ANY isc.org).

The real question is, why does your server answer these queries?
Are you intentionally running an public recursive DNS for everybody to use?

If not, you need to disable recursion or limit it to trusted/known clients (recursion no; and allow-query-cache {none;};).