Round 1

Reviewer 1 Report

Comments:

1.     Table 1 needs to be simplified.

2.      The comparison of false positive results could be added.

3.     The comparison of machine learning and basic algorithms in Table 2 should be tied to the topic of the paper.

4.     At the end of the paper, the authors could add some conclusions and thoughts on the future research direction.

5.     There are some formatting and description issues, such as line 165, line 313.

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Reviewer 2 Report

The work as a whole is interesting and relevant, despite a significant decrease in the number of attacks of this type. It is very strange that sources in the form of OWASP were not used for the relevance of the study in 2022.

I would like to inform you : You did not provide a quote for the phrase in line 64: "In this literature [<number>], we have found several works [?] and solutions against a web-based defacement attack, which will be reviewed in the next sections."

Line 81 (Problem with punctuation):
"The attacker will exploit the site vulnerability. based on Romagna and van den Hout method[1]", The most common type...

Figure 5 - Chart indicators along the y-axis do not have a common design. Because if you write as in the original document, then the anti-plagiarism system will immediately detect a match for you.
I really disliked the word "Web" with a small letter in particular. Considering these indicators up to 0.3% (your indication is not 30%) is very symbolic in terms of the total number of the methods, the remaining 99.7% methods for deface or all attacks is not indicated.

Figure 6 - Try to speculate what would happen if the Hash database was hacked and ALSO changed (change of integrity).

The proposed combination model - Taking screenshots of the pages of a dynamic site, look at any news site, is simply unthinkable. This idea came from the first versions of static sites (~1995 of the year).

Figure 9 - There are not enough connections to visualize the complete process - check the connections.

To understand the importance of the problem, it is necessary to show a risk analysis that would show the importance of the integrity of the site pages, and then show what is the probability for this (your result is 0.3%, If you indicate 0.3 percent, this is not equal to the real 30%. Either 30% or 0.3 without the word percent), with this approach, the level of risk for any benchmark will be excessively small - as an error. Keep this in mind when manipulating such numbers. Data copied in full without citation (Page #8, table 3 https://www.researchgate.net/publication/320330579_Hacktivism_and_Website_Defacement_Motivations_Capabilities_and_Potential_Threats).

Author Response

Please see the attachment.

Author Response File: Author Response.pdf

Round 2

Reviewer 2 Report

Correction job well done! Good job!