Abstract:
In-band Network Telemetry (INT) is a widely used monitoring framework in modern large-scale networks. It provides packet-level visibility into network conditions by inserting telemetry data into packets, enabling unprecedented fine-grained network management. However, this mechanism also introduces new vulnerabilities that malicious attackers can exploit. In this paper, we present eight In-band Network Telemetry Manipulation Attacks that take advantage of INT's weakness, demonstrating that attackers can cause severe damage with little effort by manipulating INT packets. To address this issue, we designed SecureINT, a security-enhanced INT prototype that provides encryption and integrity verification for INT packets. Specifically, SecureINT deploys Even-Mansour and SipHash for confidentiality and integrity, respectively. It also uses a zero-delay rotation mechanism, which enables administrators to dynamically change the version of the deployed Even-Mansour/SipHash running on programmable switches without the need to re-install new programs. In this way, SecureINT can provide lasting security for INT packets using the limited resources of programmable switches. According to the experiments, SecureINT can be deployed on programmable switches using a single pipeline. Besides, the overhead of the rotation mechanism running on the control plane is still minimal. © 2004-2012 IEEE.
Source: IEEE Transactions on Network and Service Management
ISSN: 1932-4537
Year: 2024
4.700 (JCR@2023)
CAS Journal Grade: 2
ESI Highly Cited Papers on the List: 0