1. Attacker might able to steal private key after user make a transaction from special address,but how do you plan to prevent this accident?
Through a transaction hash or wallet address, attackers cannot find the private key unless a user reveals it or it has been accessed using malware on the device and through phishing email.
2. How do someone veto a transaction which made by attacker where we can verify who's the owner or attacker without compromise owner privacy?
Once a transaction is made you cannot amend, recall or cancel the transaction.
3. Assuming a transaction is reversed, that means blocks would become invalid since it's hash (along with all next blocks) will become invalid? How do you plan to solve this problem?
As mentioned above you cannot recall a transaction.