Thanks for keeping an eye on this!
I’m not too worried currently. I skimmed some details from ZIP-317, with an eye on mempool size limiting. @shieldedmark also checked both zcashd and zebra to verify that block\_unpaid\_action\_limit = 0, so I’m not feeling very worried right now.
If the ZIP-317 design holds up as intended, anyone flooding txns is paying a pretty penny. I want to personally thank all the people who worked to ship ZIP-317, both design work/specs & implementations (nodes, wallets, etc…)! Thanks for defending Zcash. 
However, it is always possible in all decentralized systems to find new denial-of-service attack vectors, so it’s good to stay vigilant.
One surfaces I’d personally like to learn more about (and encourage DoS defenders to look into) is the size/cost of the UTXO set.
p.s. If you save your logs and peers.db you might be able to figure out if most of these were coming from a particular neighbor. (Note: that doesn’t mean that neighbor IP is responsible, but that the source of transactions came from “their direction”.)