I am satisfied with the revised manuscript.
[# PeerJ Staff Note - this decision was reviewed and approved by Sedat Akleylek, a PeerJ Section Editor covering this Section #]
The paper has been significantly improved following the incorporation of the reviewers' feedback.
This part has been improved and overall it is comprehensive.
The validation is well presented and discussed.
Please revise the manuscript by addressing all the reviewers' comments.
Reviewer 1 has suggested that you cite specific references. You are welcome to add it/them if you believe they are relevant. However, you are not required to include these citations, and if you do not include them, this will not influence my decision.
**PeerJ Staff Note:** Please ensure that all review, editorial, and staff comments are addressed in a response letter and that any edits or clarifications mentioned in the letter are also inserted into the revised manuscript where appropriate.
1. The idea of this research is better, and the authors presented better work. However, authors may consider the following:
2. Authors may revise the abstract to elaborate more on the problem statement, findings, and contributions.
3. The introduction is not clear. Authors may contribute more towards this.
4. Authors may elaborate more on the novelty/contribution of their work and how it contributes to the literature in the second last paragraph of the introduction clearly. May rephrase further the details that they provided.
5. The provided contribution, such as point vi, is not the contribution.
6. Authors need to be specific about their problem statement and the scope of their research.
7. Overall, the paper presentation can be improved further.
8. Thorough proofreading is recommended.
9. A few of the figures' resolutions are not clear, and they are hard to read.
10. A few references are missing some information; you may complete them critically.
11. The conclusion is not clear and needs revision and clarity and alignment with the abstract and title.
12. The provided references are good enough. However, the authors are recommended to consider more recent and related ones, such as:
A. P. Singh et al., "A Novel Patient-Centric Architectural Framework for Blockchain-Enabled Healthcare Applications," in IEEE Transactions on Industrial Informatics, vol. 17, no. 8, pp. 5779-5789, Aug. 2021, doi: 10.1109/TII.2020.3037889.
**PeerJ Staff Note:** It is PeerJ policy that additional references suggested during the peer-review process should only be included if the authors are in agreement that they are relevant and useful.
This paper proposes a blockchain-based method for defending against inner attackers. The system is designed, implemented and evaluated.
The experiments are sufficient.
The results are sound.
(1) The relation between GDPR and inner attackers should be addressed.
(2) Is the log data encrypted and stored in the block? The storage of the block should be low.
(3) What is the consensus of the blockchain? The article is not clear enough about this.
(4) The hospital case illustrated as a use case may not be proper, as in this case more concerns should be addressed, such as privacy.
(5) How blockchain can be compatible with the legacy systems should be addressed.
(6) Fig. 2 is not clear.
1. This paper presents a well-thought-out and potentially impactful solution to a critical problem in data security. The focus on GDPR compliance, combined with the innovative use of blockchain and smart contracts, sets a solid foundation for a robust data breach detection system. The proposed future work indicates a forward-thinking approach, although it will be important to balance technological advances with privacy and ethical considerations.
2. The literature review of this article is very terse. This part should be expanded by discussing the following studies: Enabling Integrity and Compliance Auditing in Blockchain-based GDPR-compliant Data Management; Blockchain-based recommender systems: Applications, challenges and future opportunities; A systematic literature review of the tension between the GDPR and public blockchain systems; Latest trends of security and privacy in recommender systems: a comprehensive review and future perspectives; Assessment and treatment of privacy issues in blockchain systems; An Enterprise Data Privacy Governance Model: Security-Centric Multi-Model Data Anonymization.
3. Explore alternative blockchain platforms or layer 2 solutions that offer better scalability and lower transaction costs. A hybrid blockchain model could also be considered to balance transparency and efficiency.
4. Incorporate machine learning algorithms for advanced anomaly detection to improve the system's ability to identify complex insider threats. This could also help in reducing false positives/negatives.
5. The reliance on blockchain and smart contracts, particularly on platforms like Ethereum, raises concerns about scalability, especially given the variable gas costs. High transaction volumes in a real-world deployment could lead to inefficiencies and increased costs.
6. The paper doesn't explicitly address how the system deals with false positives or negatives in breach detection. This aspect is crucial in minimizing unnecessary alerts and ensuring that real threats are not overlooked.
7. While GDPR compliance is a strength, the system's approach to handling sensitive personal data, especially with the inclusion of biometric traits, needs thorough consideration in terms of privacy and security.
8. Conduct extensive testing in diverse real-world scenarios to evaluate the system's effectiveness comprehensively. This should include stress testing for high transaction volumes and advanced penetration testing to simulate sophisticated insider attacks.
9. Engage with potential end-users and stakeholders (such as data protection authorities) to gather feedback and insights. This can help in fine-tuning the system to meet practical needs and regulatory expectations more effectively.
10. Investigate how the proposed system can be integrated with existing security infrastructures in organizations. Seamless integration is essential for widespread adoption and effectiveness.
All text and materials provided via this peer-review history page are made available under a Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.