Due　to　limited　memory　usage　and　provably　high　accuracy,　sketches　running　on　programmable　switches　have　been　commonly　used　by　the　literature　for　network　measurement.　However,　their　vulnerabilities　are　still　largely　unknown　and　neglected,　which　is　highly　concerning　given　the　increasing　popularity　of　network　measurement.　In　this　paper,　we　identify　the　Stalker　attacks,　where　attackers　aim　to　degrade　the　accuracy　of　sketches　running　on　programmable　switches.　More　precisely,　attackers　tamper　with　some　sketch　operations　during　sketch　deployment　atop　programmable　switches.　At　runtime,　the　tampered　sketch　will　record　highly　inaccurate　flow　data,　which　degrades　measurement　accuracy.　We　implement　Stalker　attacks　on　Tofino　switches.　The　results　indicate　that　Stalker　attacks　significantly　drop　the　accuracy　of　network　management　applications,　e.g.,　reducing　the　F1　score　of　heavy　hitter　detection　to　zero.　However,　our　analysis　indicates　that　none　of　existing　methods　can　detect　Stalker　attacks　since　they　can　hardly　verify　the　correctness　of　sketch　operations.　Finally,　we　analyze　potential　defense　mechanisms　and　identify　challenges　to　enable　further　research　in　this　context.　©　2005-2012　IEEE.