Update app.py

app.py

@@ -1,6 +1,6 @@
 # ================================================================
-# 教育大模型MIA攻防研究 - Gradio演示系统
-# 支持: 11组实验 × 8维度指标
+# 教育大模型MIA攻防研究 - Gradio演示系统 v3.0
+# 全英文图表（解决乱码） + 科技感界面 + 多维度对比分析
 # ================================================================
 
 import os
@@ -10,6 +10,8 @@ import numpy as np
 import matplotlib
 matplotlib.use('Agg')
 import matplotlib.pyplot as plt
+from matplotlib.gridspec import GridSpec
+from sklearn.metrics import roc_curve, roc_auc_score
 import gradio as gr
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
@@ -18,7 +20,8 @@ BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 # 数据加载
 # ================================================================
 def load_json(path):
-    with open(os.path.join(BASE_DIR, path), 'r', encoding='utf-8') as f:
+    full = os.path.join(BASE_DIR, path)
+    with open(full, 'r', encoding='utf-8') as f:
         return json.load(f)
 
 def clean_text(text):
@@ -29,63 +32,81 @@ def clean_text(text):
     text = re.sub(r'[\u200b-\u200f\u2028-\u202f\u2060-\u206f\ufeff]', '', text)
     return text.strip()
 
-# 加载所有数据
 member_data = load_json("data/member.json")
 non_member_data = load_json("data/non_member.json")
 config = load_json("config.json")
-
-# 加载汇总结果
 all_data = load_json("results/all_results.json")
 mia_results = all_data["mia_results"]
 perturb_results = all_data["perturbation_results"]
 utility_results = all_data["utility_results"]
 full_losses = all_data["full_losses"]
-
 model_name = config.get('model_name', 'Qwen/Qwen2.5-Math-1.5B-Instruct')
 
 # ================================================================
-# 提取指标
+# 全局图表配置 - 科技感深色主题
 # ================================================================
+COLORS = {
+    'bg': '#0f172a',
+    'panel': '#1e293b',
+    'grid': '#334155',
+    'text': '#e2e8f0',
+    'text_dim': '#94a3b8',
+    'accent': '#3b82f6',
+    'accent2': '#8b5cf6',
+    'danger': '#ef4444',
+    'success': '#22c55e',
+    'warning': '#f59e0b',
+    'baseline': '#64748b',
+    'ls_colors': ['#93c5fd', '#60a5fa', '#3b82f6', '#1d4ed8'],
+    'op_colors': ['#86efac', '#4ade80', '#22c55e', '#16a34a', '#15803d', '#166534'],
+}
 
-# 标签平滑模型
+def apply_dark_style(fig, ax_or_axes):
+    fig.patch.set_facecolor(COLORS['bg'])
+    axes = ax_or_axes if hasattr(ax_or_axes, '__iter__') else [ax_or_axes]
+    for ax in axes:
+        ax.set_facecolor(COLORS['panel'])
+        ax.tick_params(colors=COLORS['text_dim'], labelsize=9)
+        ax.xaxis.label.set_color(COLORS['text'])
+        ax.yaxis.label.set_color(COLORS['text'])
+        ax.title.set_color(COLORS['text'])
+        for spine in ax.spines.values():
+            spine.set_color(COLORS['grid'])
+        ax.grid(True, color=COLORS['grid'], alpha=0.3, linestyle='--')
+
+# ================================================================
+# 提取指标的辅助函数
+# ================================================================
 LS_KEYS = ["baseline", "smooth_eps_0.02", "smooth_eps_0.05", "smooth_eps_0.1", "smooth_eps_0.2"]
-LS_LABELS = ["基线", "LS(\u03b5=0.02)", "LS(\u03b5=0.05)", "LS(\u03b5=0.1)", "LS(\u03b5=0.2)"]
+LS_LABELS_EN = ["Baseline", "LS(e=0.02)", "LS(e=0.05)", "LS(e=0.1)", "LS(e=0.2)"]
+LS_LABELS_CN = ["\u57fa\u7ebf", "LS(\u03b5=0.02)", "LS(\u03b5=0.05)", "LS(\u03b5=0.1)", "LS(\u03b5=0.2)"]
 
-# 输出扰动
 OP_SIGMAS = [0.005, 0.01, 0.015, 0.02, 0.025, 0.03]
 OP_KEYS = [f"perturbation_{s}" for s in OP_SIGMAS]
-OP_LABELS = [f"OP(\u03c3={s})" for s in OP_SIGMAS]
+OP_LABELS_EN = [f"OP(s={s})" for s in OP_SIGMAS]
+OP_LABELS_CN = [f"OP(\u03c3={s})" for s in OP_SIGMAS]
 
 ALL_KEYS = LS_KEYS + OP_KEYS
-ALL_LABELS = LS_LABELS + OP_LABELS
+ALL_LABELS_EN = LS_LABELS_EN + OP_LABELS_EN
+ALL_LABELS_CN = LS_LABELS_CN + OP_LABELS_CN
 
-def get_metric(key, metric_name, default=0):
-    if key in mia_results:
-        return mia_results[key].get(metric_name, default)
-    if key in perturb_results:
-        return perturb_results[key].get(metric_name, default)
+def gm(key, metric, default=0):
+    if key in mia_results: return mia_results[key].get(metric, default)
+    if key in perturb_results: return perturb_results[key].get(metric, default)
     return default
 
-def get_utility(key):
-    if key in utility_results:
-        return utility_results[key].get("accuracy", 0) * 100
-    if key.startswith("perturbation_"):
-        return utility_results.get("baseline", {}).get("accuracy", 0) * 100
+def gu(key):
+    if key in utility_results: return utility_results[key].get("accuracy", 0) * 100
+    if key.startswith("perturbation_"): return utility_results.get("baseline", {}).get("accuracy", 0) * 100
     return 0
 
-# 基线数据
-bl_auc = get_metric("baseline", "auc")
-bl_acc = get_utility("baseline")
-bl_m_mean = get_metric("baseline", "member_loss_mean")
-bl_nm_mean = get_metric("baseline", "non_member_loss_mean")
-
-plt.rcParams['font.sans-serif'] = ['DejaVu Sans']
-plt.rcParams['axes.unicode_minus'] = False
+bl_auc = gm("baseline", "auc")
+bl_acc = gu("baseline")
+bl_m_mean = gm("baseline", "member_loss_mean")
+bl_nm_mean = gm("baseline", "non_member_loss_mean")
 
-TYPE_CN = {
-    'calculation': '基础计算', 'word_problem': '应用题',
-    'concept': '概念问答', 'error_correction': '错题订正'
-}
+TYPE_CN = {'calculation': '\u57fa\u7840\u8ba1\u7b97', 'word_problem': '\u5e94\u7528\u9898',
+           'concept': '\u6982\u5ff5\u95ee\u7b54', 'error_correction': '\u9519\u9898\u8ba2\u6b63'}
 
 # ================================================================
 # 效用评估题库
@@ -96,580 +117,1044 @@ _types = ['calculation']*120 + ['word_problem']*90 + ['concept']*60 + ['error_co
 for _i in range(300):
     _t = _types[_i]
     if _t == 'calculation':
-        _a, _b = int(np.random.randint(10, 500)), int(np.random.randint(10, 500))
-        _op = ['+', '-', '\u00d7'][_i % 3]
-        if _op == '+': _q, _ans = f"请计算: {_a} + {_b} = ?", str(_a + _b)
-        elif _op == '-': _q, _ans = f"请计算: {_a} - {_b} = ?", str(_a - _b)
-        else: _q, _ans = f"请计算: {_a} \u00d7 {_b} = ?", str(_a * _b)
+        _a, _b = int(np.random.randint(10,500)), int(np.random.randint(10,500))
+        _op = ['+','-','x'][_i%3]
+        if _op=='+': _q,_ans=f"{_a} + {_b} = ?",str(_a+_b)
+        elif _op=='-': _q,_ans=f"{_a} - {_b} = ?",str(_a-_b)
+        else: _q,_ans=f"{_a} x {_b} = ?",str(_a*_b)
     elif _t == 'word_problem':
-        _a, _b = int(np.random.randint(5, 200)), int(np.random.randint(3, 50))
-        _tpls = [
-            (f"小明有{_a}个苹果，吃掉{_b}个，还剩多少？", str(_a - _b)),
-            (f"每组{_a}人，共{_b}组，总计多少人？", str(_a * _b)),
-            (f"商店有{_a}支笔，卖出{_b}支，还剩？", str(_a - _b)),
-            (f"小红有{_a}颗糖，小明给她{_b}颗，现在多少？", str(_a + _b)),
-        ]
-        _q, _ans = _tpls[_i % len(_tpls)]
+        _a,_b = int(np.random.randint(5,200)), int(np.random.randint(3,50))
+        _tpls = [(f"{_a} apples, ate {_b}, left?",str(_a-_b)),
+                 (f"{_a} per group, {_b} groups, total?",str(_a*_b)),
+                 (f"{_a} pens, sold {_b}, left?",str(_a-_b)),
+                 (f"Had {_a}, got {_b} more, total?",str(_a+_b))]
+        _q,_ans = _tpls[_i%len(_tpls)]
     elif _t == 'concept':
-        _cs = [("面积", "面积是平面图形所占平面的大小"), ("周长", "周长是封闭图形边线一周的总长度"),
-               ("分数", "分数表示整体等分后取若干份"), ("小数", "小数用小数点表示比1小的数"),
-               ("平均数", "平均数是总和除以个数")]
-        _cn, _df = _cs[_i % len(_cs)]
-        _q, _ans = f"请解释什么是{_cn}？", _df
+        _cs = [("area","Area = space occupied by a shape"),("perimeter","Perimeter = total boundary length"),
+               ("fraction","Fraction = equal parts of a whole"),("decimal","Decimal = number with point"),
+               ("average","Average = sum / count")]
+        _cn,_df = _cs[_i%len(_cs)]; _q,_ans = f"What is {_cn}?",_df
     else:
-        _a, _b = int(np.random.randint(10, 99)), int(np.random.randint(10, 99))
-        _w = _a + _b + int(np.random.choice([-1, 1, -10, 10]))
-        _q, _ans = f"有同学算{_a}+{_b}={_w}，正确答案是？", str(_a + _b)
-    
-    # 为每个模型模拟结果
-    item = {'question': _q, 'answer': _ans, 'type_cn': TYPE_CN[_t]}
+        _a,_b = int(np.random.randint(10,99)), int(np.random.randint(10,99))
+        _w = _a+_b+int(np.random.choice([-1,1,-10,10]))
+        _q,_ans = f"Student got {_a}+{_b}={_w}, correct?",str(_a+_b)
+    item = {'question':_q,'answer':_ans,'type_cn':TYPE_CN[_t]}
     for key in LS_KEYS:
-        acc = get_utility(key) / 100
-        item[key] = bool(np.random.random() < acc)
+        acc = gu(key)/100; item[key] = bool(np.random.random()<acc)
     EVAL_POOL.append(item)
 
 # ================================================================
-# 图表函数
+# 图表1: AUC对比柱状图（11组）
 # ================================================================
+def fig_auc_bar():
+    names, vals, clrs = [], [], []
+    ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i,(k,l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)):
+        if k in mia_results:
+            names.append(l); vals.append(mia_results[k]['auc']); clrs.append(ls_c[i])
+    for i,(k,l) in enumerate(zip(OP_KEYS, OP_LABELS_EN)):
+        if k in perturb_results:
+            names.append(l); vals.append(perturb_results[k]['auc']); clrs.append(COLORS['op_colors'][i])
+
+    fig, ax = plt.subplots(figsize=(14, 6))
+    apply_dark_style(fig, ax)
+    bars = ax.bar(range(len(names)), vals, color=clrs, width=0.6, edgecolor=COLORS['bg'], lw=1.5, zorder=3)
+    for b,v in zip(bars, vals):
+        ax.text(b.get_x()+b.get_width()/2, v+0.003, f'{v:.4f}',
+                ha='center', fontsize=9, fontweight='bold', color=COLORS['text'])
+    ax.axhline(0.5, color=COLORS['danger'], ls='--', lw=1.5, alpha=0.7, label='Random Guess (0.5)', zorder=2)
+    ax.axhline(bl_auc, color=COLORS['warning'], ls=':', lw=1, alpha=0.5, label=f'Baseline ({bl_auc:.4f})', zorder=2)
+    ax.set_ylabel('MIA Attack AUC', fontsize=11, fontweight='bold')
+    ax.set_title('Defense Effectiveness: MIA AUC Comparison (11 Configs)', fontsize=13, fontweight='bold', pad=15)
+    ax.set_ylim(0.48, max(vals)+0.035)
+    ax.set_xticks(range(len(names)))
+    ax.set_xticklabels(names, rotation=35, ha='right', fontsize=9)
+    ax.legend(facecolor=COLORS['panel'], edgecolor=COLORS['grid'], labelcolor=COLORS['text'], fontsize=9)
+    plt.tight_layout()
+    return fig
 
-def fig_gauge(loss_val, m_mean, nm_mean, thr, m_std, nm_std):
-    fig, ax = plt.subplots(figsize=(9, 2.6))
-    xlo = min(m_mean - 3*m_std, loss_val - 0.01)
-    xhi = max(nm_mean + 3*nm_std, loss_val + 0.01)
-    ax.axvspan(xlo, thr, alpha=0.08, color='#3b82f6')
-    ax.axvspan(thr, xhi, alpha=0.08, color='#ef4444')
-    ax.axvline(thr, color='#1e293b', lw=2, zorder=3)
-    ax.text(thr, 1.08, f'Threshold={thr:.4f}', ha='center', va='bottom',
-            fontsize=8.5, fontweight='bold', color='#1e293b',
-            transform=ax.get_xaxis_transform())
-    mc = '#3b82f6' if loss_val < thr else '#ef4444'
-    ax.plot(loss_val, 0.5, marker='v', ms=15, color=mc, zorder=5,
-            transform=ax.get_xaxis_transform())
-    ax.text(loss_val, 0.78, f'Loss={loss_val:.4f}', ha='center', fontsize=10,
-            fontweight='bold', color=mc, transform=ax.get_xaxis_transform(),
-            bbox=dict(boxstyle='round,pad=.25', fc='white', ec=mc, alpha=0.9))
-    ax.text((xlo+thr)/2, 0.42, 'Member Zone', ha='center', fontsize=9.5,
-            color='#3b82f6', alpha=0.35, fontweight='bold', transform=ax.get_xaxis_transform())
-    ax.text((thr+xhi)/2, 0.42, 'Non-Member Zone', ha='center', fontsize=9.5,
-            color='#ef4444', alpha=0.35, fontweight='bold', transform=ax.get_xaxis_transform())
-    ax.set_xlim(xlo, xhi)
-    ax.set_yticks([])
-    for s in ['top', 'right', 'left']:
-        ax.spines[s].set_visible(False)
-    ax.set_xlabel('Loss Value', fontsize=9)
+# ================================================================
+# 图表2: 8维指标雷达图对比（关键新增！）
+# ================================================================
+def fig_radar_compare():
+    metrics = ['AUC', 'Attack Acc', 'Precision', 'Recall', 'F1', 'TPR@5%', 'TPR@1%', 'LossGap']
+    metric_keys = ['auc', 'attack_accuracy', 'precision', 'recall', 'f1', 'tpr_at_5fpr', 'tpr_at_1fpr', 'loss_gap']
+
+    configs = [
+        ("Baseline", "baseline", COLORS['danger']),
+        ("LS(e=0.1)", "smooth_eps_0.1", COLORS['accent']),
+        ("LS(e=0.2)", "smooth_eps_0.2", COLORS['accent2']),
+        ("OP(s=0.02)", "perturbation_0.02", COLORS['success']),
+    ]
+
+    N = len(metrics)
+    angles = np.linspace(0, 2*np.pi, N, endpoint=False).tolist()
+    angles += angles[:1]
+
+    fig, ax = plt.subplots(figsize=(8, 8), subplot_kw=dict(polar=True))
+    fig.patch.set_facecolor(COLORS['bg'])
+    ax.set_facecolor(COLORS['panel'])
+
+    # Normalize values for radar
+    all_vals = {}
+    for name, key, color in configs:
+        vals = [gm(key, mk) for mk in metric_keys]
+        all_vals[name] = vals
+
+    # Get max for each metric for normalization
+    maxes = []
+    for i, mk in enumerate(metric_keys):
+        m = max(gm(k, mk) for _, k, _ in configs)
+        maxes.append(m if m > 0 else 1)
+
+    for name, key, color in configs:
+        vals = [gm(key, mk)/maxes[i] for i, mk in enumerate(metric_keys)]
+        vals += vals[:1]
+        ax.plot(angles, vals, 'o-', linewidth=2, label=name, color=color, markersize=6)
+        ax.fill(angles, vals, alpha=0.1, color=color)
+
+    ax.set_xticks(angles[:-1])
+    ax.set_xticklabels(metrics, fontsize=10, color=COLORS['text'])
+    ax.set_yticklabels([])
+    ax.set_title('Multi-Metric Radar: Attack vs Defense', fontsize=13,
+                 fontweight='bold', color=COLORS['text'], pad=25)
+    ax.legend(loc='upper right', bbox_to_anchor=(1.3, 1.1),
+             facecolor=COLORS['panel'], edgecolor=COLORS['grid'],
+             labelcolor=COLORS['text'], fontsize=10)
+    ax.spines['polar'].set_color(COLORS['grid'])
+    ax.tick_params(axis='y', colors=COLORS['grid'])
+    ax.grid(color=COLORS['grid'], alpha=0.3)
     plt.tight_layout()
     return fig
 
+# ================================================================
+# 图表3: Loss分布对比（标签平滑5个模型）
+# ================================================================
 def fig_loss_dist():
     items = []
-    for k, l in zip(LS_KEYS, LS_LABELS):
+    for k, l in zip(LS_KEYS, LS_LABELS_EN):
         if k in full_losses:
-            auc = get_metric(k, 'auc', 0)
-            items.append((k, l, auc))
+            items.append((k, l, gm(k, 'auc')))
     n = len(items)
-    if n == 0:
-        return plt.figure()
-    fig, axes = plt.subplots(1, n, figsize=(5*n, 4.5))
-    if n == 1:
-        axes = [axes]
+    if n == 0: return plt.figure()
+
+    fig, axes = plt.subplots(1, n, figsize=(4.5*n, 4.5))
+    if n == 1: axes = [axes]
+    apply_dark_style(fig, axes)
+
     for ax, (k, l, a) in zip(axes, items):
         m = full_losses[k]['member_losses']
         nm = full_losses[k]['non_member_losses']
-        bins = np.linspace(min(min(m), min(nm)), max(max(m), max(nm)), 30)
-        ax.hist(m, bins=bins, alpha=0.5, color='#3b82f6', label='Member', density=True)
-        ax.hist(nm, bins=bins, alpha=0.5, color='#ef4444', label='Non-Member', density=True)
-        ax.set_title(f'{l}  |  AUC={a:.4f}', fontsize=11, fontweight='bold')
+        bins = np.linspace(min(min(m),min(nm)), max(max(m),max(nm)), 30)
+        ax.hist(m, bins=bins, alpha=0.6, color=COLORS['accent'], label='Member', density=True)
+        ax.hist(nm, bins=bins, alpha=0.6, color=COLORS['danger'], label='Non-Member', density=True)
+        ax.set_title(f'{l}  |  AUC={a:.4f}', fontsize=10, fontweight='bold')
         ax.set_xlabel('Loss', fontsize=9)
         ax.set_ylabel('Density', fontsize=9)
-        ax.legend(fontsize=8)
-        ax.grid(axis='y', alpha=0.15)
-        ax.spines['top'].set_visible(False)
-        ax.spines['right'].set_visible(False)
+        ax.legend(fontsize=8, facecolor=COLORS['panel'], edgecolor=COLORS['grid'], labelcolor=COLORS['text'])
     plt.tight_layout()
     return fig
 
+# ================================================================
+# 图表4: 输出扰动Loss分布（6组）
+# ================================================================
 def fig_perturb_dist():
-    if 'baseline' not in full_losses:
-        return plt.figure()
+    if 'baseline' not in full_losses: return plt.figure()
     ml = np.array(full_losses['baseline']['member_losses'])
     nl = np.array(full_losses['baseline']['non_member_losses'])
-    sigmas = OP_SIGMAS
-    n = len(sigmas)
-    fig, axes = plt.subplots(1, n, figsize=(4*n, 4.5))
-    if n == 1:
-        axes = [axes]
-    for ax, s in zip(axes, sigmas):
+
+    fig, axes = plt.subplots(2, 3, figsize=(16, 9))
+    axes_flat = axes.flatten()
+    apply_dark_style(fig, axes_flat)
+
+    for i, (ax, s) in enumerate(zip(axes_flat, OP_SIGMAS)):
         rng_m = np.random.RandomState(42)
         rng_nm = np.random.RandomState(137)
         mp = ml + rng_m.normal(0, s, len(ml))
         np_ = nl + rng_nm.normal(0, s, len(nl))
         v = np.concatenate([mp, np_])
         bins = np.linspace(v.min(), v.max(), 28)
-        ax.hist(mp, bins=bins, alpha=0.5, color='#3b82f6', label='Mem+noise', density=True)
-        ax.hist(np_, bins=bins, alpha=0.5, color='#ef4444', label='Non+noise', density=True)
-        pa = get_metric(f'perturbation_{s}', 'auc', 0)
-        ax.set_title(f'OP(\u03c3={s}) | AUC={pa:.4f}', fontsize=10, fontweight='bold')
+        ax.hist(mp, bins=bins, alpha=0.6, color=COLORS['accent'], label='Mem+noise', density=True)
+        ax.hist(np_, bins=bins, alpha=0.6, color=COLORS['danger'], label='Non+noise', density=True)
+        pa = gm(f'perturbation_{s}', 'auc')
+        ax.set_title(f'OP(s={s}) | AUC={pa:.4f}', fontsize=10, fontweight='bold')
         ax.set_xlabel('Loss', fontsize=9)
-        ax.legend(fontsize=7)
-        ax.grid(axis='y', alpha=0.15)
-        ax.spines['top'].set_visible(False)
-        ax.spines['right'].set_visible(False)
+        ax.legend(fontsize=7, facecolor=COLORS['panel'], edgecolor=COLORS['grid'], labelcolor=COLORS['text'])
     plt.tight_layout()
     return fig
 
-def fig_auc_bar():
-    names, vals, colors = [], [], []
-    color_map = {
-        'baseline': '#64748b',
-        'smooth_eps_0.02': '#93c5fd', 'smooth_eps_0.05': '#60a5fa',
-        'smooth_eps_0.1': '#3b82f6', 'smooth_eps_0.2': '#1d4ed8',
-    }
-    op_colors = ['#86efac', '#4ade80', '#22c55e', '#16a34a', '#15803d', '#166534']
-    
-    for k, l in zip(LS_KEYS, LS_LABELS):
-        if k in mia_results:
-            names.append(l)
-            vals.append(mia_results[k]['auc'])
-            colors.append(color_map.get(k, '#64748b'))
-    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS)):
-        if k in perturb_results:
-            names.append(l)
-            vals.append(perturb_results[k]['auc'])
-            colors.append(op_colors[i % len(op_colors)])
-    
-    fig, ax = plt.subplots(figsize=(14, 5.5))
-    bars = ax.bar(range(len(names)), vals, color=colors, width=0.6, edgecolor='white', lw=1.5)
-    for b, v in zip(bars, vals):
-        ax.text(b.get_x() + b.get_width()/2, v + 0.003, f'{v:.4f}',
-                ha='center', fontsize=9, fontweight='bold')
-    ax.axhline(0.5, color='#ef4444', ls='--', lw=1.5, alpha=0.5, label='Random (0.5)')
-    ax.set_ylabel('MIA AUC', fontsize=11)
-    ax.set_ylim(0.48, max(vals) + 0.03)
-    ax.set_xticks(range(len(names)))
-    ax.set_xticklabels(names, rotation=30, ha='right', fontsize=9)
-    ax.legend(fontsize=9)
-    ax.spines['top'].set_visible(False)
-    ax.spines['right'].set_visible(False)
-    ax.grid(axis='y', alpha=0.15)
+# ================================================================
+# 图表5: ROC曲线对比（关键新增！证明攻击效果）
+# ================================================================
+def fig_roc_curves():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 7))
+    apply_dark_style(fig, axes)
+
+    # 左图: 标签平滑ROC
+    ax = axes[0]
+    ls_colors = [COLORS['danger'], COLORS['ls_colors'][0], COLORS['ls_colors'][1],
+                 COLORS['ls_colors'][2], COLORS['ls_colors'][3]]
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)):
+        if k not in full_losses: continue
+        m = np.array(full_losses[k]['member_losses'])
+        nm = np.array(full_losses[k]['non_member_losses'])
+        y_true = np.concatenate([np.ones(len(m)), np.zeros(len(nm))])
+        y_scores = np.concatenate([-m, -nm])
+        fpr, tpr, _ = roc_curve(y_true, y_scores)
+        auc_val = roc_auc_score(y_true, y_scores)
+        ax.plot(fpr, tpr, color=ls_colors[i], lw=2, label=f'{l} (AUC={auc_val:.4f})')
+
+    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1, label='Random')
+    ax.set_xlabel('False Positive Rate', fontsize=11, fontweight='bold')
+    ax.set_ylabel('True Positive Rate', fontsize=11, fontweight='bold')
+    ax.set_title('ROC Curves: Label Smoothing Defense', fontsize=12, fontweight='bold', pad=10)
+    ax.legend(fontsize=9, facecolor=COLORS['panel'], edgecolor=COLORS['grid'], labelcolor=COLORS['text'])
+
+    # 右图: 输出扰动ROC
+    ax = axes[1]
+    if 'baseline' in full_losses:
+        ml_base = np.array(full_losses['baseline']['member_losses'])
+        nl_base = np.array(full_losses['baseline']['non_member_losses'])
+
+        # Baseline ROC
+        y_true = np.concatenate([np.ones(len(ml_base)), np.zeros(len(nl_base))])
+        y_scores = np.concatenate([-ml_base, -nl_base])
+        fpr, tpr, _ = roc_curve(y_true, y_scores)
+        ax.plot(fpr, tpr, color=COLORS['danger'], lw=2, label=f'Baseline (AUC={bl_auc:.4f})')
+
+        for i, s in enumerate(OP_SIGMAS):
+            rng_m = np.random.RandomState(42)
+            rng_nm = np.random.RandomState(137)
+            mp = ml_base + rng_m.normal(0, s, len(ml_base))
+            np_ = nl_base + rng_nm.normal(0, s, len(nl_base))
+            y_scores_p = np.concatenate([-mp, -np_])
+            fpr_p, tpr_p, _ = roc_curve(y_true, y_scores_p)
+            auc_p = roc_auc_score(y_true, y_scores_p)
+            ax.plot(fpr_p, tpr_p, color=COLORS['op_colors'][i], lw=1.5,
+                   label=f'OP(s={s}) (AUC={auc_p:.4f})')
+
+    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1, label='Random')
+    ax.set_xlabel('False Positive Rate', fontsize=11, fontweight='bold')
+    ax.set_ylabel('True Positive Rate', fontsize=11, fontweight='bold')
+    ax.set_title('ROC Curves: Output Perturbation Defense', fontsize=12, fontweight='bold', pad=10)
+    ax.legend(fontsize=8, facecolor=COLORS['panel'], edgecolor=COLORS['grid'], labelcolor=COLORS['text'], loc='lower right')
+
+    plt.tight_layout()
+    return fig
+
+# ================================================================
+# 图表6: TPR@低FPR 对比（关键新增！精细评估攻击危害）
+# ================================================================
+def fig_tpr_at_low_fpr():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5))
+    apply_dark_style(fig, axes)
+
+    # 数据
+    labels_all = []
+    tpr5_all = []
+    tpr1_all = []
+    colors_all = []
+
+    ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)):
+        labels_all.append(l)
+        tpr5_all.append(gm(k, 'tpr_at_5fpr'))
+        tpr1_all.append(gm(k, 'tpr_at_1fpr'))
+        colors_all.append(ls_c[i])
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_EN)):
+        labels_all.append(l)
+        tpr5_all.append(gm(k, 'tpr_at_5fpr'))
+        tpr1_all.append(gm(k, 'tpr_at_1fpr'))
+        colors_all.append(COLORS['op_colors'][i])
+
+    x = range(len(labels_all))
+
+    # TPR@5%FPR
+    ax = axes[0]
+    bars = ax.bar(x, tpr5_all, color=colors_all, width=0.6, edgecolor=COLORS['bg'], lw=1, zorder=3)
+    for b, v in zip(bars, tpr5_all):
+        ax.text(b.get_x()+b.get_width()/2, v+0.003, f'{v:.3f}',
+                ha='center', fontsize=8, fontweight='bold', color=COLORS['text'])
+    ax.set_ylabel('TPR @ 5% FPR', fontsize=11, fontweight='bold')
+    ax.set_title('Attack Power at 5% False Positive Rate', fontsize=12, fontweight='bold', pad=10)
+    ax.set_xticks(x)
+    ax.set_xticklabels(labels_all, rotation=40, ha='right', fontsize=8)
+    ax.axhline(0.05, color=COLORS['warning'], ls='--', lw=1, alpha=0.5, label='Random (0.05)')
+    ax.legend(facecolor=COLORS['panel'], edgecolor=COLORS['grid'], labelcolor=COLORS['text'], fontsize=9)
+
+    # TPR@1%FPR
+    ax = axes[1]
+    bars = ax.bar(x, tpr1_all, color=colors_all, width=0.6, edgecolor=COLORS['bg'], lw=1, zorder=3)
+    for b, v in zip(bars, tpr1_all):
+        ax.text(b.get_x()+b.get_width()/2, v+0.002, f'{v:.3f}',
+                ha='center', fontsize=8, fontweight='bold', color=COLORS['text'])
+    ax.set_ylabel('TPR @ 1% FPR', fontsize=11, fontweight='bold')
+    ax.set_title('Attack Power at 1% False Positive Rate (Strict)', fontsize=12, fontweight='bold', pad=10)
+    ax.set_xticks(x)
+    ax.set_xticklabels(labels_all, rotation=40, ha='right', fontsize=8)
+    ax.axhline(0.01, color=COLORS['warning'], ls='--', lw=1, alpha=0.5, label='Random (0.01)')
+    ax.legend(facecolor=COLORS['panel'], edgecolor=COLORS['grid'], labelcolor=COLORS['text'], fontsize=9)
+
     plt.tight_layout()
     return fig
 
+# ================================================================
+# 图表7: 效用准确率柱状图
+# ================================================================
 def fig_acc_bar():
-    names, vals, colors = [], [], []
-    color_map = {
-        'baseline': '#64748b',
-        'smooth_eps_0.02': '#93c5fd', 'smooth_eps_0.05': '#60a5fa',
-        'smooth_eps_0.1': '#3b82f6', 'smooth_eps_0.2': '#1d4ed8',
-    }
-    op_colors = ['#86efac', '#4ade80', '#22c55e', '#16a34a', '#15803d', '#166534']
-    
-    for k, l in zip(LS_KEYS, LS_LABELS):
+    names, vals, clrs = [], [], []
+    ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)):
         if k in utility_results:
-            names.append(l)
-            vals.append(utility_results[k]['accuracy'] * 100)
-            colors.append(color_map.get(k, '#64748b'))
-    
-    bl_a = utility_results.get('baseline', {}).get('accuracy', 0) * 100
-    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS)):
+            names.append(l); vals.append(utility_results[k]['accuracy']*100); clrs.append(ls_c[i])
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_EN)):
         if k in perturb_results:
-            names.append(l)
-            vals.append(bl_a)
-            colors.append(op_colors[i % len(op_colors)])
-    
-    fig, ax = plt.subplots(figsize=(14, 5.5))
-    bars = ax.bar(range(len(names)), vals, color=colors, width=0.6, edgecolor='white', lw=1.5)
+            names.append(l); vals.append(bl_acc); clrs.append(COLORS['op_colors'][i])
+
+    fig, ax = plt.subplots(figsize=(14, 6))
+    apply_dark_style(fig, ax)
+    bars = ax.bar(range(len(names)), vals, color=clrs, width=0.6, edgecolor=COLORS['bg'], lw=1.5, zorder=3)
     for b, v in zip(bars, vals):
-        ax.text(b.get_x() + b.get_width()/2, v + 0.5, f'{v:.1f}%',
-                ha='center', fontsize=9, fontweight='bold')
-    ax.set_ylabel('Accuracy (%)', fontsize=11)
+        ax.text(b.get_x()+b.get_width()/2, v+0.5, f'{v:.1f}%',
+                ha='center', fontsize=9, fontweight='bold', color=COLORS['text'])
+    ax.set_ylabel('Test Accuracy (%)', fontsize=11, fontweight='bold')
+    ax.set_title('Model Utility: Test Accuracy (300 Questions)', fontsize=13, fontweight='bold', pad=15)
     ax.set_ylim(0, 100)
     ax.set_xticks(range(len(names)))
-    ax.set_xticklabels(names, rotation=30, ha='right', fontsize=9)
-    ax.spines['top'].set_visible(False)
-    ax.spines['right'].set_visible(False)
-    ax.grid(axis='y', alpha=0.15)
+    ax.set_xticklabels(names, rotation=35, ha='right', fontsize=9)
     plt.tight_layout()
     return fig
 
+# ================================================================
+# 图表8: 隐私-效用权衡散点图
+# ================================================================
 def fig_tradeoff():
-    fig, ax = plt.subplots(figsize=(10, 7))
-    
-    markers = {'baseline': 'o', 'smooth_eps_0.02': 's', 'smooth_eps_0.05': 's',
-               'smooth_eps_0.1': 's', 'smooth_eps_0.2': 's'}
-    colors_ls = {'baseline': '#64748b', 'smooth_eps_0.02': '#93c5fd',
-                 'smooth_eps_0.05': '#60a5fa', 'smooth_eps_0.1': '#3b82f6',
-                 'smooth_eps_0.2': '#1d4ed8'}
-    op_markers = ['^', 'D', 'v', 'P', 'X', 'h']
-    op_colors_list = ['#86efac', '#4ade80', '#22c55e', '#16a34a', '#15803d', '#166534']
-    
-    for k, l in zip(LS_KEYS, LS_LABELS):
+    fig, ax = plt.subplots(figsize=(11, 8))
+    apply_dark_style(fig, ax)
+
+    markers_ls = ['o', 's', 's', 's', 's']
+    ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)):
         if k in mia_results and k in utility_results:
-            ax.scatter(utility_results[k]['accuracy'], mia_results[k]['auc'],
-                      label=l, marker=markers.get(k, 'o'), color=colors_ls.get(k, '#64748b'),
-                      s=180, edgecolors='white', lw=2, zorder=5)
-    
-    bl_a = utility_results.get('baseline', {}).get('accuracy', 0.66)
-    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS)):
+            ax.scatter(utility_results[k]['accuracy']*100, mia_results[k]['auc'],
+                      label=l, marker=markers_ls[i], color=ls_c[i],
+                      s=200, edgecolors='white', lw=2, zorder=5)
+
+    op_markers = ['^', 'D', 'v', 'P', 'X', 'h']
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_EN)):
         if k in perturb_results:
-            ax.scatter(bl_a, perturb_results[k]['auc'], label=l,
-                      marker=op_markers[i % len(op_markers)],
-                      color=op_colors_list[i % len(op_colors_list)],
-                      s=180, edgecolors='white', lw=2, zorder=5)
-    
-    ax.axhline(0.5, color='#cbd5e1', ls='--', alpha=0.8, label='Random (AUC=0.5)')
-    ax.set_xlabel('Model Utility (Accuracy)', fontsize=12, fontweight='bold')
+            ax.scatter(bl_acc, perturb_results[k]['auc'], label=l,
+                      marker=op_markers[i], color=COLORS['op_colors'][i],
+                      s=200, edgecolors='white', lw=2, zorder=5)
+
+    ax.axhline(0.5, color=COLORS['text_dim'], ls='--', alpha=0.5, label='Random (AUC=0.5)')
+
+    # Ideal zone annotation
+    ax.annotate('IDEAL\nHigh Utility\nLow Risk', xy=(85, 0.52), fontsize=11,
+               fontweight='bold', color=COLORS['success'], alpha=0.4, ha='center')
+    ax.annotate('WORST\nLow Utility\nHigh Risk', xy=(62, 0.62), fontsize=11,
+               fontweight='bold', color=COLORS['danger'], alpha=0.4, ha='center')
+
+    ax.set_xlabel('Model Utility (Accuracy %)', fontsize=12, fontweight='bold')
     ax.set_ylabel('Privacy Risk (MIA AUC)', fontsize=12, fontweight='bold')
-    ax.set_title('Privacy-Utility Trade-off', fontsize=14, pad=15)
-    ax.legend(fontsize=7, loc='upper right', ncol=2)
-    ax.grid(True, alpha=0.12)
+    ax.set_title('Privacy-Utility Trade-off Analysis', fontsize=14, fontweight='bold', pad=15)
+    ax.legend(fontsize=8, loc='upper left', ncol=2,
+             facecolor=COLORS['panel'], edgecolor=COLORS['grid'], labelcolor=COLORS['text'])
+    plt.tight_layout()
+    return fig
+
+# ================================================================
+# 图表9: AUC递减趋势线（关键新增！证明防御参数与效果的关系）
+# ================================================================
+def fig_auc_trend():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5))
+    apply_dark_style(fig, axes)
+
+    # 左: 标签平滑 epsilon vs AUC
+    ax = axes[0]
+    eps_vals = [0.0, 0.02, 0.05, 0.1, 0.2]
+    auc_vals = [gm(k, 'auc') for k in LS_KEYS]
+    acc_vals = [gu(k) for k in LS_KEYS]
+
+    ax2 = ax.twinx()
+    line1 = ax.plot(eps_vals, auc_vals, 'o-', color=COLORS['danger'], lw=2.5, ms=10, label='MIA AUC (left)', zorder=5)
+    line2 = ax2.plot(eps_vals, acc_vals, 's--', color=COLORS['success'], lw=2.5, ms=10, label='Utility % (right)', zorder=5)
+    ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.4)
+
+    ax.set_xlabel('Label Smoothing epsilon', fontsize=11, fontweight='bold')
+    ax.set_ylabel('MIA AUC', fontsize=11, fontweight='bold', color=COLORS['danger'])
+    ax2.set_ylabel('Utility (%)', fontsize=11, fontweight='bold', color=COLORS['success'])
+    ax.set_title('Label Smoothing: AUC & Utility vs Epsilon', fontsize=12, fontweight='bold', pad=10)
+    ax.tick_params(axis='y', labelcolor=COLORS['danger'])
+    ax2.tick_params(axis='y', labelcolor=COLORS['success'])
+    ax2.spines['right'].set_color(COLORS['success'])
+    ax2.spines['left'].set_color(COLORS['danger'])
+
+    lines = line1 + line2
+    labels = [l.get_label() for l in lines]
+    ax.legend(lines, labels, fontsize=9, facecolor=COLORS['panel'], edgecolor=COLORS['grid'], labelcolor=COLORS['text'])
+
+    # 右: 输出扰动 sigma vs AUC
+    ax = axes[1]
+    sig_vals = OP_SIGMAS
+    auc_op = [gm(k, 'auc') for k in OP_KEYS]
+
+    ax.plot(sig_vals, auc_op, 'o-', color=COLORS['success'], lw=2.5, ms=10, zorder=5, label='MIA AUC')
+    ax.axhline(bl_auc, color=COLORS['danger'], ls='--', lw=1.5, alpha=0.5, label=f'Baseline ({bl_auc:.4f})')
+    ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.4, label='Random (0.5)')
+
+    ax.fill_between(sig_vals, auc_op, bl_auc, alpha=0.15, color=COLORS['success'], label='AUC Reduction')
+
+    ax.set_xlabel('Perturbation Sigma', fontsize=11, fontweight='bold')
+    ax.set_ylabel('MIA AUC', fontsize=11, fontweight='bold')
+    ax.set_title('Output Perturbation: AUC vs Sigma', fontsize=12, fontweight='bold', pad=10)
+    ax.legend(fontsize=9, facecolor=COLORS['panel'], edgecolor=COLORS['grid'], labelcolor=COLORS['text'])
+
+    plt.tight_layout()
+    return fig
+
+# ================================================================
+# 图表10: Loss差距瀑布图（关键新增！直观展示防御缩小差距）
+# ================================================================
+def fig_loss_gap_waterfall():
+    fig, ax = plt.subplots(figsize=(14, 6.5))
+    apply_dark_style(fig, ax)
+
+    names, gaps, clrs = [], [], []
+    ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)):
+        names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(ls_c[i])
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_EN)):
+        names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(COLORS['op_colors'][i])
+
+    bars = ax.bar(range(len(names)), gaps, color=clrs, width=0.6, edgecolor=COLORS['bg'], lw=1.5, zorder=3)
+    for b, v in zip(bars, gaps):
+        ax.text(b.get_x()+b.get_width()/2, v+0.0002, f'{v:.4f}',
+                ha='center', fontsize=8, fontweight='bold', color=COLORS['text'])
+
+    ax.set_ylabel('Loss Gap (Non-Member - Member)', fontsize=11, fontweight='bold')
+    ax.set_title('Member vs Non-Member Loss Gap (Smaller = Better Defense)', fontsize=13, fontweight='bold', pad=15)
+    ax.set_xticks(range(len(names)))
+    ax.set_xticklabels(names, rotation=35, ha='right', fontsize=9)
+
+    # 添加箭头注释
+    ax.annotate('Smaller gap = harder to distinguish\n= stronger privacy protection',
+               xy=(8, gaps[0]*0.3), fontsize=10, color=COLORS['success'],
+               fontstyle='italic', ha='center',
+               bbox=dict(boxstyle='round,pad=0.5', facecolor=COLORS['panel'], edgecolor=COLORS['success'], alpha=0.8))
+
+    plt.tight_layout()
+    return fig
+
+# ================================================================
+# 图表11: 攻击判定位置图（gauge）
+# ================================================================
+def fig_gauge(loss_val, m_mean, nm_mean, thr, m_std, nm_std):
+    fig, ax = plt.subplots(figsize=(10, 3))
+    fig.patch.set_facecolor(COLORS['bg'])
+    ax.set_facecolor(COLORS['panel'])
+
+    xlo = min(m_mean - 3.5*m_std, loss_val - 0.005)
+    xhi = max(nm_mean + 3.5*nm_std, loss_val + 0.005)
+
+    ax.axvspan(xlo, thr, alpha=0.12, color=COLORS['accent'])
+    ax.axvspan(thr, xhi, alpha=0.12, color=COLORS['danger'])
+    ax.axvline(thr, color=COLORS['text'], lw=2, zorder=3)
+    ax.text(thr, 1.08, f'Threshold={thr:.4f}', ha='center', va='bottom',
+            fontsize=9, fontweight='bold', color=COLORS['text'],
+            transform=ax.get_xaxis_transform())
+
+    mc = COLORS['accent'] if loss_val < thr else COLORS['danger']
+    ax.plot(loss_val, 0.5, marker='v', ms=18, color=mc, zorder=5,
+            transform=ax.get_xaxis_transform())
+    ax.text(loss_val, 0.78, f'Loss={loss_val:.4f}', ha='center', fontsize=11,
+            fontweight='bold', color=mc, transform=ax.get_xaxis_transform(),
+            bbox=dict(boxstyle='round,pad=.3', fc=COLORS['panel'], ec=mc, alpha=0.95))
+
+    ax.text((xlo+thr)/2, 0.35, 'MEMBER', ha='center', fontsize=11,
+            color=COLORS['accent'], alpha=0.5, fontweight='bold',
+            transform=ax.get_xaxis_transform())
+    ax.text((thr+xhi)/2, 0.35, 'NON-MEMBER', ha='center', fontsize=11,
+            color=COLORS['danger'], alpha=0.5, fontweight='bold',
+            transform=ax.get_xaxis_transform())
+
+    ax.set_xlim(xlo, xhi)
+    ax.set_yticks([])
+    for s in ax.spines.values():
+        s.set_color(COLORS['grid'])
     ax.spines['top'].set_visible(False)
+    ax.spines['left'].set_visible(False)
     ax.spines['right'].set_visible(False)
+    ax.tick_params(colors=COLORS['text_dim'])
+    ax.set_xlabel('Loss Value', fontsize=10, color=COLORS['text'])
     plt.tight_layout()
     return fig
 
 # ================================================================
 # 回调函数
 # ================================================================
-
 def cb_sample(src):
-    pool = member_data if src == "成员数据（训练集）" else non_member_data
+    pool = member_data if src == "\u6210\u5458\u6570\u636e\uff08\u8bad\u7ec3\u96c6\uff09" else non_member_data
     s = pool[np.random.randint(len(pool))]
     m = s['metadata']
-    md = ("| 字段 | 值 |\n|---|---|\n"
-          f"| 姓名 | {clean_text(str(m.get('name','')))} |\n"
-          f"| 学号 | {clean_text(str(m.get('student_id','')))} |\n"
-          f"| 班级 | {clean_text(str(m.get('class','')))} |\n"
-          f"| 成绩 | {clean_text(str(m.get('score','')))} 分 |\n"
-          f"| 类型 | {TYPE_CN.get(s.get('task_type',''), '')} |\n")
+    md = ("| \u5b57\u6bb5 | \u503c |\n|---|---|\n"
+          f"| \u59d3\u540d | {clean_text(str(m.get('name','')))} |\n"
+          f"| \u5b66\u53f7 | {clean_text(str(m.get('student_id','')))} |\n"
+          f"| \u73ed\u7ea7 | {clean_text(str(m.get('class','')))} |\n"
+          f"| \u6210\u7ee9 | {clean_text(str(m.get('score','')))} \u5206 |\n"
+          f"| \u7c7b\u578b | {TYPE_CN.get(s.get('task_type',''), '')} |\n")
     return md, clean_text(s.get('question', '')), clean_text(s.get('answer', ''))
 
-# 攻击目标映射
 ATK_CHOICES = (
-    ["基线模型 (Baseline)"] +
-    [f"标签平滑 (\u03b5={e})" for e in [0.02, 0.05, 0.1, 0.2]] +
-    [f"输出扰动 (\u03c3={s})" for s in OP_SIGMAS]
+    ["\u57fa\u7ebf\u6a21\u578b (Baseline)"] +
+    [f"\u6807\u7b7e\u5e73\u6ed1 (\u03b5={e})" for e in [0.02, 0.05, 0.1, 0.2]] +
+    [f"\u8f93\u51fa\u6270\u52a8 (\u03c3={s})" for s in OP_SIGMAS]
 )
-
 ATK_MAP = {}
-ATK_MAP["基线模型 (Baseline)"] = "baseline"
+ATK_MAP["\u57fa\u7ebf\u6a21\u578b (Baseline)"] = "baseline"
 for e in [0.02, 0.05, 0.1, 0.2]:
-    ATK_MAP[f"标签平滑 (\u03b5={e})"] = f"smooth_eps_{e}"
+    ATK_MAP[f"\u6807\u7b7e\u5e73\u6ed1 (\u03b5={e})"] = f"smooth_eps_{e}"
 for s in OP_SIGMAS:
-    ATK_MAP[f"输出扰动 (\u03c3={s})"] = f"perturbation_{s}"
+    ATK_MAP[f"\u8f93\u51fa\u6270\u52a8 (\u03c3={s})"] = f"perturbation_{s}"
 
 def cb_attack(idx, src, target):
-    is_mem = src == "成员数据（训练集）"
+    is_mem = src == "\u6210\u5458\u6570\u636e\uff08\u8bad\u7ec3\u96c6\uff09"
     pool = member_data if is_mem else non_member_data
-    idx = min(int(idx), len(pool) - 1)
+    idx = min(int(idx), len(pool)-1)
     sample = pool[idx]
     key = ATK_MAP.get(target, "baseline")
-    
     is_op = key.startswith("perturbation_")
-    
+
     if is_op:
         sigma = float(key.split("_")[1])
         fr = full_losses.get('baseline', {})
         lk = 'member_losses' if is_mem else 'non_member_losses'
-        losses_list = fr.get(lk, [])
-        base_loss = losses_list[idx] if idx < len(losses_list) else float(np.random.normal(bl_m_mean if is_mem else bl_nm_mean, 0.02))
-        np.random.seed(idx * 1000 + int(sigma * 10000))
+        ll = fr.get(lk, [])
+        base_loss = ll[idx] if idx < len(ll) else float(np.random.normal(bl_m_mean if is_mem else bl_nm_mean, 0.02))
+        np.random.seed(idx*1000 + int(sigma*10000))
         loss = base_loss + np.random.normal(0, sigma)
-        mm = get_metric("baseline", "member_loss_mean", 0.19)
-        nm_m = get_metric("baseline", "non_member_loss_mean", 0.20)
-        ms = get_metric("baseline", "member_loss_std", 0.03)
-        ns = get_metric("baseline", "non_member_loss_std", 0.03)
-        auc_v = get_metric(key, "auc", 0)
-        lbl = f"OP(\u03c3={sigma})"
+        mm = gm("baseline", "member_loss_mean", 0.19)
+        nm_m = gm("baseline", "non_member_loss_mean", 0.20)
+        ms = gm("baseline", "member_loss_std", 0.03)
+        ns = gm("baseline", "non_member_loss_std", 0.03)
+        auc_v = gm(key, "auc"); lbl = f"OP(\u03c3={sigma})"
     else:
         info = mia_results.get(key, mia_results.get('baseline', {}))
         fr = full_losses.get(key, full_losses.get('baseline', {}))
         lk = 'member_losses' if is_mem else 'non_member_losses'
-        losses_list = fr.get(lk, [])
-        loss = losses_list[idx] if idx < len(losses_list) else float(np.random.normal(info.get('member_loss_mean', 0.19), 0.02))
+        ll = fr.get(lk, [])
+        loss = ll[idx] if idx < len(ll) else float(np.random.normal(info.get('member_loss_mean',0.19), 0.02))
         mm = info.get('member_loss_mean', 0.19)
         nm_m = info.get('non_member_loss_mean', 0.20)
         ms = info.get('member_loss_std', 0.03)
         ns = info.get('non_member_loss_std', 0.03)
         auc_v = info.get('auc', 0)
-        if key == "baseline":
-            lbl = "Baseline"
+        if key == "baseline": lbl = "Baseline"
         else:
-            eps = key.replace("smooth_eps_", "")
+            eps = key.replace("smooth_eps_","")
             lbl = f"LS(\u03b5={eps})"
-    
+
     thr = (mm + nm_m) / 2
     pred = loss < thr
     correct = pred == is_mem
-    
     gauge = fig_gauge(loss, mm, nm_m, thr, ms, ns)
-    
-    pl, pc = ("训练成员", "\U0001f534") if pred else ("非训练成员", "\U0001f7e2")
-    al, ac = ("训练成员", "\U0001f534") if is_mem else ("非训练成员", "\U0001f7e2")
-    
+
+    pl = "\u8bad\u7ec3\u6210\u5458" if pred else "\u975e\u8bad\u7ec3\u6210\u5458"
+    al = "\u8bad\u7ec3\u6210\u5458" if is_mem else "\u975e\u8bad\u7ec3\u6210\u5458"
+
     if correct and pred and is_mem:
-        v = "⚠️ **攻击成功：隐私泄露**\n\n> 模型对该样本过于熟悉（Loss < 阈值），攻击者成功判定为训练数据。"
+        v = "\u26a0\ufe0f **\u653b\u51fb\u6210\u529f\uff1a\u9690\u79c1\u6cc4\u9732**\n\n> \u6a21\u578b\u5bf9\u8be5\u6837\u672c\u8fc7\u4e8e\u719f\u6089\uff08Loss < \u9608\u503c\uff09\uff0c\u653b\u51fb\u8005\u6210\u529f\u5224\u5b9a\u4e3a\u8bad\u7ec3\u6570\u636e\u3002"
     elif correct:
-        v = "**判定正确**\n\n> 攻击者的判定与真实身份一致。"
+        v = "\u2705 **\u5224\u5b9a\u6b63\u786e**\n\n> \u653b\u51fb\u8005\u5224\u5b9a\u4e0e\u771f\u5b9e\u8eab\u4efd\u4e00\u81f4\u3002"
     else:
-        v = "**防御成功**\n\n> 攻击者的判定错误，防御起到了保护作用。"
-    
-    res = (v + f"\n\n**攻击目标**: {lbl}　|　**AUC**: {auc_v:.4f}\n\n"
-           "| | 攻击者判定 | 真实身份 |\n|---|---|---|\n"
-           f"| 身份 | {pc} {pl} | {ac} {al} |\n"
-           f"| Loss | {loss:.4f} | 阈值: {thr:.4f} |\n")
-    
-    qtxt = f"**样本 #{idx}**\n\n" + clean_text(sample.get('question', ''))[:500]
+        v = "\U0001f6e1\ufe0f **\u9632\u5fa1\u6210\u529f**\n\n> \u653b\u51fb\u8005\u5224\u5b9a\u9519\u8bef\uff0c\u9632\u5fa1\u8d77\u5230\u4e86\u4fdd\u62a4\u4f5c\u7528\u3002"
+
+    res = (v + f"\n\n**\u653b\u51fb\u76ee\u6807**: {lbl}\u3000|\u3000**AUC**: {auc_v:.4f}\n\n"
+           "| | \u653b\u51fb\u8005\u5224\u5b9a | \u771f\u5b9e\u8eab\u4efd |\n|---|---|---|\n"
+           f"| \u8eab\u4efd | {pl} | {al} |\n"
+           f"| Loss | {loss:.4f} | \u9608\u503c: {thr:.4f} |\n")
+    qtxt = f"**\u6837\u672c #{idx}**\n\n" + clean_text(sample.get('question',''))[:500]
     return qtxt, gauge, res
 
-# 效用评估
-EVAL_MODEL_CHOICES = (
-    ["基线模型"] +
-    [f"标签平滑 (\u03b5={e})" for e in [0.02, 0.05, 0.1, 0.2]] +
-    [f"输出扰动 (\u03c3={s})" for s in OP_SIGMAS]
+EVAL_CHOICES = (
+    ["\u57fa\u7ebf\u6a21\u578b"] +
+    [f"\u6807\u7b7e\u5e73\u6ed1 (\u03b5={e})" for e in [0.02, 0.05, 0.1, 0.2]] +
+    [f"\u8f93\u51fa\u6270\u52a8 (\u03c3={s})" for s in OP_SIGMAS]
 )
-
-EVAL_KEY_MAP = {"基线模型": "baseline"}
+EVAL_KEY_MAP = {"\u57fa\u7ebf\u6a21\u578b": "baseline"}
 for e in [0.02, 0.05, 0.1, 0.2]:
-    EVAL_KEY_MAP[f"标签平滑 (\u03b5={e})"] = f"smooth_eps_{e}"
+    EVAL_KEY_MAP[f"\u6807\u7b7e\u5e73\u6ed1 (\u03b5={e})"] = f"smooth_eps_{e}"
 for s in OP_SIGMAS:
-    EVAL_KEY_MAP[f"输出扰动 (\u03c3={s})"] = "baseline"
+    EVAL_KEY_MAP[f"\u8f93\u51fa\u6270\u52a8 (\u03c3={s})"] = "baseline"
 
 def cb_eval(model_choice):
     k = EVAL_KEY_MAP.get(model_choice, "baseline")
-    acc = get_utility(k) if not model_choice.startswith("输出扰动") else bl_acc
+    acc = gu(k) if "\u8f93\u51fa\u6270\u52a8" not in model_choice else bl_acc
     q = EVAL_POOL[np.random.randint(len(EVAL_POOL))]
     ok = q.get(k, q.get('baseline', False))
-    ic = "✅ 正确" if ok else "❌ 错误"
-    note = "\n\n> 输出扰动不改变模型参数，准确率与基线一致。" if "输出扰动" in model_choice else ""
-    return (f"**模型**: {model_choice}　(准确率: {acc:.1f}%)\n\n"
-            "| 项目 | 内容 |\n|---|---|\n"
-            f"| 类型 | {q['type_cn']} |\n"
-            f"| 题目 | {q['question']} |\n"
-            f"| 正确答案 | {q['answer']} |\n"
-            f"| 判定 | {ic} |{note}")
+    ic = "\u2705 \u6b63\u786e" if ok else "\u274c \u9519\u8bef"
+    note = "\n\n> \u8f93\u51fa\u6270\u52a8\u4e0d\u6539\u53d8\u6a21\u578b\u53c2\u6570\uff0c\u51c6\u786e\u7387\u4e0e\u57fa\u7ebf\u4e00\u81f4\u3002" if "\u8f93\u51fa\u6270\u52a8" in model_choice else ""
+    return (f"**\u6a21\u578b**: {model_choice}\u3000(\u51c6\u786e\u7387: {acc:.1f}%)\n\n"
+            "| \u9879\u76ee | \u5185\u5bb9 |\n|---|---|\n"
+            f"| \u7c7b\u578b | {q['type_cn']} |\n"
+            f"| \u9898\u76ee | {q['question']} |\n"
+            f"| \u6b63\u786e\u7b54\u6848 | {q['answer']} |\n"
+            f"| \u5224\u5b9a | {ic} |{note}")
 
 # ================================================================
-# 构建完整结果表格
+# 构建完整结果表
 # ================================================================
-
 def build_full_table():
     rows = []
-    # 标签平滑
-    for k, l in zip(LS_KEYS, LS_LABELS):
+    for k, l in zip(LS_KEYS, LS_LABELS_CN):
         if k in mia_results:
-            m = mia_results[k]
-            u = get_utility(k)
-            t = "—" if k == "baseline" else "训练期"
-            auc_delta = "" if k == "baseline" else f"{m['auc'] - bl_auc:+.4f}"
+            m = mia_results[k]; u = gu(k)
+            t = "\u2014" if k == "baseline" else "\u8bad\u7ec3\u671f"
+            d = "" if k == "baseline" else f"{m['auc']-bl_auc:+.4f}"
             rows.append(f"| {l} | {t} | {m['auc']:.4f} | {m['attack_accuracy']:.4f} | "
                        f"{m['precision']:.4f} | {m['recall']:.4f} | {m['f1']:.4f} | "
                        f"{m['tpr_at_5fpr']:.4f} | {m['tpr_at_1fpr']:.4f} | "
-                       f"{m['loss_gap']:.4f} | {u:.1f}% | {auc_delta} |")
-    # 输出扰动
-    for k, l in zip(OP_KEYS, OP_LABELS):
+                       f"{m['loss_gap']:.4f} | {u:.1f}% | {d} |")
+    for k, l in zip(OP_KEYS, OP_LABELS_CN):
         if k in perturb_results:
-            m = perturb_results[k]
-            auc_delta = f"{m['auc'] - bl_auc:+.4f}"
-            rows.append(f"| {l} | 推理期 | {m['auc']:.4f} | {m['attack_accuracy']:.4f} | "
+            m = perturb_results[k]; d = f"{m['auc']-bl_auc:+.4f}"
+            rows.append(f"| {l} | \u63a8\u7406\u671f | {m['auc']:.4f} | {m['attack_accuracy']:.4f} | "
                        f"{m['precision']:.4f} | {m['recall']:.4f} | {m['f1']:.4f} | "
                        f"{m['tpr_at_5fpr']:.4f} | {m['tpr_at_1fpr']:.4f} | "
-                       f"{m['loss_gap']:.4f} | {bl_acc:.1f}% | {auc_delta} |")
-    
-    header = "| 策略 | 类型 | AUC | Acc | Prec | Rec | F1 | TPR@5% | TPR@1% | LossGap | 效用 | AUC\u0394 |\n|---|---|---|---|---|---|---|---|---|---|---|---|"
+                       f"{m['loss_gap']:.4f} | {bl_acc:.1f}% | {d} |")
+    header = ("| \u7b56\u7565 | \u7c7b\u578b | AUC | Acc | Prec | Rec | F1 | TPR@5% | TPR@1% | LossGap | \u6548\u7528 | AUC\u0394 |\n"
+              "|---|---|---|---|---|---|---|---|---|---|---|---|")
     return header + "\n" + "\n".join(rows)
 
 # ================================================================
-# CSS
+# CSS - 深色科技感主题
 # ================================================================
-
 CSS = """
-body { background-color: #f8fafc !important; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, sans-serif !important; }
-.gradio-container { max-width: 1200px !important; margin: 40px auto !important; }
-.title-area { background: #ffffff; padding: 28px 40px; border-radius: 12px;
-    box-shadow: 0 4px 6px -1px rgba(0,0,0,0.05); margin-bottom: 24px; border-left: 6px solid #2563eb; }
-.title-area h1 { color: #0f172a !important; font-size: 1.7rem !important; font-weight: 800 !important; margin: 0 0 8px 0 !important; }
-.title-area p { color: #64748b !important; font-size: 1rem !important; margin: 0 !important; }
-.tabitem { background: rgba(255,255,255,0.98) !important; border-radius: 0 0 12px 12px !important;
-    border: 1px solid #e2e8f0 !important; border-top: none !important;
-    box-shadow: 0 4px 12px rgba(0,0,0,0.05) !important; padding: 32px 40px !important;
-    min-height: 760px !important; overflow-y: auto !important; }
+/* === 全局深色背景 === */
+body {
+    background: linear-gradient(135deg, #0f172a 0%, #1e1b4b 50%, #0f172a 100%) !important;
+    font-family: 'Inter', -apple-system, BlinkMacSystemFont, 'Segoe UI', sans-serif !important;
+}
+.gradio-container {
+    max-width: 1280px !important;
+    margin: 30px auto !important;
+}
+
+/* === 标题区 - 玻璃态 === */
+.title-area {
+    background: linear-gradient(135deg, rgba(30,41,59,0.95), rgba(30,27,75,0.95));
+    backdrop-filter: blur(20px);
+    padding: 32px 44px;
+    border-radius: 16px;
+    border: 1px solid rgba(59,130,246,0.3);
+    box-shadow: 0 0 40px rgba(59,130,246,0.15), 0 8px 32px rgba(0,0,0,0.3);
+    margin-bottom: 28px;
+    position: relative;
+    overflow: hidden;
+}
+.title-area::before {
+    content: '';
+    position: absolute;
+    top: 0; left: 0; right: 0;
+    height: 3px;
+    background: linear-gradient(90deg, #3b82f6, #8b5cf6, #06b6d4);
+}
+.title-area h1 {
+    color: #f1f5f9 !important;
+    font-size: 1.8rem !important;
+    font-weight: 800 !important;
+    margin: 0 0 8px 0 !important;
+    letter-spacing: -0.02em;
+}
+.title-area p {
+    color: #94a3b8 !important;
+    font-size: 1rem !important;
+    margin: 0 !important;
+}
+.title-area .badge {
+    display: inline-block;
+    background: linear-gradient(135deg, #3b82f6, #8b5cf6);
+    color: white;
+    padding: 4px 12px;
+    border-radius: 20px;
+    font-size: 0.8rem;
+    font-weight: 600;
+    margin-top: 8px;
+}
+
+/* === Tab面板 - 玻璃态 === */
+.tabitem {
+    background: rgba(30,41,59,0.92) !important;
+    backdrop-filter: blur(10px) !important;
+    border-radius: 0 0 16px 16px !important;
+    border: 1px solid rgba(51,65,85,0.6) !important;
+    border-top: none !important;
+    box-shadow: 0 8px 32px rgba(0,0,0,0.2) !important;
+    padding: 36px 44px !important;
+    min-height: 800px !important;
+    overflow-y: auto !important;
+}
+.tabitem::-webkit-scrollbar { width: 6px; }
+.tabitem::-webkit-scrollbar-track { background: transparent; }
+.tabitem::-webkit-scrollbar-thumb { background: #475569; border-radius: 10px; }
+
+/* === Tab导航 === */
 .tab-nav { border-bottom: none !important; gap: 4px !important; }
-.tab-nav button { font-size: 15px !important; padding: 12px 24px !important; font-weight: 600 !important;
-    color: #64748b !important; background: #e2e8f0 !important; border-radius: 10px 10px 0 0 !important; }
-.tab-nav button.selected { color: #2563eb !important; background: #ffffff !important; border-top: 3px solid #2563eb !important; }
-.prose table { width: 100% !important; border-collapse: separate !important; border-spacing: 0 !important;
-    border-radius: 8px !important; overflow: hidden !important; border: 1px solid #e2e8f0 !important; font-size: 0.85rem !important; }
-.prose th { background: #f8fafc !important; color: #475569 !important; font-weight: 600 !important; padding: 10px 12px !important; }
-.prose td { padding: 10px 12px !important; color: #1e293b !important; border-bottom: 1px solid #f1f5f9 !important; }
-button.primary { background: #2563eb !important; color: white !important; border: none !important;
-    border-radius: 6px !important; font-weight: 600 !important; }
-button.primary:hover { background: #1d4ed8 !important; }
-.prose blockquote { border-left: 4px solid #3b82f6 !important; background: #eff6ff !important;
-    padding: 16px 20px !important; border-radius: 0 8px 8px 0 !important; color: #1e40af !important; }
+.tab-nav button {
+    font-size: 14px !important;
+    padding: 12px 22px !important;
+    font-weight: 600 !important;
+    color: #94a3b8 !important;
+    background: rgba(30,41,59,0.8) !important;
+    border: 1px solid rgba(51,65,85,0.5) !important;
+    border-bottom: none !important;
+    border-radius: 10px 10px 0 0 !important;
+    transition: all 0.3s ease !important;
+}
+.tab-nav button:hover {
+    color: #e2e8f0 !important;
+    background: rgba(59,130,246,0.15) !important;
+}
+.tab-nav button.selected {
+    color: #60a5fa !important;
+    background: rgba(30,41,59,0.95) !important;
+    border-top: 3px solid #3b82f6 !important;
+    box-shadow: 0 0 15px rgba(59,130,246,0.2) !important;
+}
+
+/* === 文字排版 === */
+.prose { color: #cbd5e1 !important; }
+.prose h2 {
+    font-size: 1.4rem !important;
+    color: #f1f5f9 !important;
+    font-weight: 700 !important;
+    margin-top: 0 !important;
+    padding-bottom: 12px !important;
+    border-bottom: 1px solid rgba(51,65,85,0.6) !important;
+}
+.prose h3 {
+    font-size: 1.1rem !important;
+    color: #e2e8f0 !important;
+    font-weight: 600 !important;
+}
+.prose strong { color: #f1f5f9 !important; }
+
+/* === 表格 - 深色风格 === */
+.prose table {
+    width: 100% !important;
+    border-collapse: separate !important;
+    border-spacing: 0 !important;
+    border-radius: 10px !important;
+    overflow: hidden !important;
+    border: 1px solid rgba(51,65,85,0.6) !important;
+    font-size: 0.85rem !important;
+}
+.prose th {
+    background: rgba(15,23,42,0.8) !important;
+    color: #94a3b8 !important;
+    font-weight: 600 !important;
+    padding: 10px 14px !important;
+    text-transform: uppercase;
+    font-size: 0.75rem !important;
+    letter-spacing: 0.05em;
+}
+.prose td {
+    padding: 10px 14px !important;
+    color: #e2e8f0 !important;
+    border-bottom: 1px solid rgba(51,65,85,0.3) !important;
+    background: rgba(30,41,59,0.5) !important;
+}
+.prose tr:hover td { background: rgba(59,130,246,0.08) !important; }
+
+/* === 按钮 - 渐变发光 === */
+button.primary {
+    background: linear-gradient(135deg, #3b82f6, #8b5cf6) !important;
+    color: white !important;
+    border: none !important;
+    border-radius: 8px !important;
+    font-weight: 700 !important;
+    padding: 10px 28px !important;
+    box-shadow: 0 0 20px rgba(59,130,246,0.3) !important;
+    transition: all 0.3s ease !important;
+    text-transform: uppercase !important;
+    letter-spacing: 0.05em !important;
+}
+button.primary:hover {
+    box-shadow: 0 0 30px rgba(59,130,246,0.5) !important;
+    transform: translateY(-2px) !important;
+}
+
+/* === 引用框 === */
+.prose blockquote {
+    border-left: 4px solid #3b82f6 !important;
+    background: rgba(59,130,246,0.08) !important;
+    padding: 16px 20px !important;
+    border-radius: 0 10px 10px 0 !important;
+    color: #93c5fd !important;
+}
+
+/* === Accordion === */
+.wrap { border: 1px solid rgba(51,65,85,0.5) !important; border-radius: 10px !important; background: rgba(15,23,42,0.5) !important; }
+
+/* === 输入组件 === */
+.block { border-color: rgba(51,65,85,0.5) !important; }
+label { color: #94a3b8 !important; }
+
 footer { display: none !important; }
 """
 
 # ================================================================
 # 界面
 # ================================================================
-
-with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Base(), css=CSS) as demo:
+with gr.Blocks(title="MIA\u653b\u9632\u7814\u7a76", theme=gr.themes.Base(), css=CSS) as demo:
 
     gr.HTML("""<div class="title-area">
-        <h1>教育大模型中的成员推理攻击及其防御研究</h1>
-        <p>Membership Inference Attack & Defense on Educational LLM — 11组实验 × 8维度指标</p>
+        <h1>\U0001f393 \u6559\u80b2\u5927\u6a21\u578b\u4e2d\u7684\u6210\u5458\u63a8\u7406\u653b\u51fb\u53ca\u5176\u9632\u5fa1\u7814\u7a76</h1>
+        <p>Membership Inference Attack & Defense on Educational LLM</p>
+        <div class="badge">11 Experiments \u00d7 8 Metrics \u00d7 2 Defense Strategies</div>
     </div>""")
 
-    # ═══ Tab 1: 实验总览 ═══
-    with gr.Tab("实验总览"):
-        gr.Markdown(f"""## 研究背景与目标
+    # ═══ Tab 1: \u5b9e\u9a8c\u603b\u89c8 ═══
+    with gr.Tab("\U0001f4ca \u5b9e\u9a8c\u603b\u89c8"):
+        gr.Markdown(f"""## \u7814\u7a76\u80cc\u666f
 
-大语言模型在教育领域的应用日益广泛，模型训练不可避免地接触学生敏感数据。**成员推理攻击 (MIA)** 可判断某条数据是否参与了训练，构成隐私威胁。
+\u5927\u8bed\u8a00\u6a21\u578b\u5728\u6559\u80b2\u9886\u57df\u7684\u5e94\u7528\u65e5\u76ca\u5e7f\u6cdb\uff0c\u6a21\u578b\u8bad\u7ec3\u4e0d\u53ef\u907f\u514d\u5730\u63a5\u89e6\u5b66\u751f\u654f\u611f\u6570\u636e\u3002**\u6210\u5458\u63a8\u7406\u653b\u51fb (MIA)** \u53ef\u5224\u65ad\u67d0\u6761\u6570\u636e\u662f\u5426\u53c2\u4e0e\u4e86\u8bad\u7ec3\uff0c\u6784\u6210\u9690\u79c1\u5a01\u80c1\u3002
 
-本研究基于 **{model_name}** 微调的数学辅导模型，系统验证MIA风险并评估两类防御策略。
+\u672c\u7814\u7a76\u57fa\u4e8e **{model_name}** \u5fae\u8c03\u7684\u6570\u5b66\u8f85\u5bfc\u6a21\u578b\uff0c\u7cfb\u7edf\u9a8c\u8bc1MIA\u98ce\u9669\u5e76\u8bc4\u4f30\u4e24\u7c7b\u9632\u5fa1\u7b56\u7565\u3002
 
-### 实验规模
-- **5个模型**: 1个基线 + 4组标签平滑 (\u03b5=0.02/0.05/0.1/0.2)
-- **6组输��扰动**: \u03c3=0.005/0.01/0.015/0.02/0.025/0.03
-- **8维度评估**: AUC / 攻击准确率 / 精确率 / 召回率 / F1 / TPR@5%FPR / TPR@1%FPR / Loss差距
-- **效用测试**: 300道数学题
+### \u5b9e\u9a8c\u89c4\u6a21
+| \u7ef4\u5ea6 | \u5185\u5bb9 |
+|---|---|
+| \u6a21\u578b | 1\u4e2a\u57fa\u7ebf + 4\u7ec4\u6807\u7b7e\u5e73\u6ed1 (\u03b5=0.02/0.05/0.1/0.2) |
+| \u6270\u52a8 | 6\u7ec4\u8f93\u51fa\u6270\u52a8 (\u03c3=0.005/0.01/0.015/0.02/0.025/0.03) |
+| \u6307\u6807 | AUC / \u653b\u51fb\u51c6\u786e\u7387 / \u7cbe\u786e\u7387 / \u53ec\u56de\u7387 / F1 / TPR@5%FPR / TPR@1%FPR / Loss\u5dee\u8ddd |
+| \u6570\u636e | 2000\u6761\u8f85\u5bfc\u5bf9\u8bdd (1000\u6210\u5458 + 1000\u975e\u6210\u5458) |
+| \u6548\u7528 | 300\u9053\u6570\u5b66\u6d4b\u8bd5\u9898 |
 """)
-        with gr.Accordion("展开查看：完整实验结果表（11组×8维度）", open=True):
+        with gr.Accordion("\U0001f4cb \u5b8c\u6574\u5b9e\u9a8c\u7ed3\u679c\u8868\uff0811\u7ec4 \u00d7 8\u7ef4\u5ea6\uff09", open=True):
             gr.Markdown(build_full_table())
-            gr.Markdown("> AUC越接近0.5 = 防御越有效；效用越高 = 模型能力越好。AUC\u0394为相对基线的变化。")
+            gr.Markdown("> **\u89e3\u8bfb**: AUC\u8d8a\u63a5\u8fd10.5 = \u9632\u5fa1\u8d8a\u6709\u6548\uff1b\u6548\u7528\u8d8a\u9ad8 = \u6a21\u578b\u80fd\u529b\u8d8a\u597d\u3002AUC\u0394\u4e3a\u76f8\u5bf9\u57fa\u7ebf\u7684\u53d8\u5316\u3002")
 
-    # ═══ Tab 2: 数据与模型 ═══
-    with gr.Tab("数据与模型"):
-        gr.Markdown("""## 实验数据集
+    # ═══ Tab 2: \u6570\u636e\u4e0e\u6a21\u578b ═══
+    with gr.Tab("\U0001f4c1 \u6570\u636e\u4e0e\u6a21\u578b"):
+        gr.Markdown("""\
+## \u5b9e\u9a8c\u6570\u636e\u96c6
 
-| 数据组 | 数量 | 用途 | 说明 |
+| \u6570\u636e\u7ec4 | \u6570\u91cf | \u7528\u9014 | \u8bf4\u660e |
 |---|---|---|---|
-| 成员数据 | 1000条 | 模型训练 | 模型会\"记住\"，Loss偏低 |
-| 非成员数据 | 1000条 | 攻击对照 | 模型\"没见过\"，Loss偏高 |
+| \u6210\u5458\u6570\u636e | 1000\u6761 | \u6a21\u578b\u8bad\u7ec3 | \u6a21\u578b\u4f1a\"\u8bb0\u4f4f\"\uff0cLoss\u504f\u4f4e |
+| \u975e\u6210\u5458\u6570\u636e | 1000\u6761 | \u653b\u51fb\u5bf9\u7167 | \u6a21\u578b\"\u6ca1\u89c1\u8fc7\"\uff0cLoss\u504f\u9ad8 |
 
-| 任务类别 | 数量 | 占比 |
+| \u4efb\u52a1\u7c7b\u522b | \u6570\u91cf | \u5360\u6bd4 |
 |---|---|---|
-| 基础计算 | 800 | 40% |
-| 应用题 | 600 | 30% |
-| 概念问答 | 400 | 20% |
-| 错题订正 | 200 | 10% |
+| \u57fa\u7840\u8ba1\u7b97 | 800 | 40% |
+| \u5e94\u7528\u9898 | 600 | 30% |
+| \u6982\u5ff5\u95ee\u7b54 | 400 | 20% |
+| \u9519\u9898\u8ba2\u6b63 | 200 | 10% |
 
-> 两组数据格式完全相同（均含隐私字段），攻击者无法从格式区分。
+> \u4e24\u7ec4\u6570\u636e\u683c\u5f0f\u5b8c\u5168\u76f8\u540c\uff08\u5747\u542b\u9690\u79c1\u5b57\u6bb5\uff09\uff0c\u653b\u51fb\u8005\u65e0\u6cd5\u4ece\u683c\u5f0f\u533a\u5206\u3002
 """)
-        gr.Markdown("### 数据样例浏览")
+        gr.Markdown("### \u6570\u636e\u6837\u4f8b\u6d4f\u89c8")
         with gr.Row():
             with gr.Column(scale=2):
-                d_src = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"],
-                                value="成员数据（训练集）", label="数据来源")
-                d_btn = gr.Button("随机提取样本", variant="primary")
+                d_src = gr.Radio(["\u6210\u5458\u6570\u636e\uff08\u8bad\u7ec3\u96c6\uff09", "\u975e\u6210\u5458\u6570\u636e\uff08\u6d4b\u8bd5\u96c6\uff09"],
+                                value="\u6210\u5458\u6570\u636e\uff08\u8bad\u7ec3\u96c6\uff09", label="\u6570\u636e\u6765\u6e90")
+                d_btn = gr.Button("\U0001f3b2 \u968f\u673a\u63d0\u53d6\u6837\u672c", variant="primary")
                 d_meta = gr.Markdown()
             with gr.Column(scale=3):
-                d_q = gr.Textbox(label="学生提问", lines=4, interactive=False)
-                d_a = gr.Textbox(label="标准回答", lines=4, interactive=False)
+                d_q = gr.Textbox(label="\u5b66\u751f\u63d0\u95ee", lines=5, interactive=False)
+                d_a = gr.Textbox(label="\u6807\u51c6\u56de\u7b54", lines=5, interactive=False)
         d_btn.click(cb_sample, [d_src], [d_meta, d_q, d_a])
 
-    # ═══ Tab 3: 攻击验证 ═══
-    with gr.Tab("攻击验证"):
-        gr.Markdown("## 成员推理攻击交互演示\n\n选择攻击目标与数据源，系统执行Loss计算并判定数据归属。")
+    # ═══ Tab 3: \u653b\u51fb\u9a8c\u8bc1 ═══
+    with gr.Tab("\U0001f3af \u653b\u51fb\u9a8c\u8bc1"):
+        gr.Markdown("## \u6210\u5458\u63a8\u7406\u653b\u51fb\u4ea4\u4e92\u6f14\u793a\n\n\u9009\u62e9\u653b\u51fb\u76ee\u6807\u4e0e\u6570\u636e\u6e90\uff0c\u7cfb\u7edf\u6267\u884cLoss\u8ba1\u7b97\u5e76\u5224\u5b9a\u6570\u636e\u5f52\u5c5e\u3002")
         with gr.Row():
             with gr.Column(scale=2):
-                a_target = gr.Radio(ATK_CHOICES, value=ATK_CHOICES[0], label="攻击目标")
-                a_src = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"],
-                                value="成员数据（训练集）", label="数据来源")
-                a_idx = gr.Slider(0, 999, step=1, value=12, label="样本ID")
-                a_btn = gr.Button("执行成员推理攻击", variant="primary", size="lg")
+                a_target = gr.Radio(ATK_CHOICES, value=ATK_CHOICES[0], label="\u653b\u51fb\u76ee\u6807")
+                a_src = gr.Radio(["\u6210\u5458\u6570\u636e\uff08\u8bad\u7ec3\u96c6\uff09", "\u975e\u6210\u5458\u6570\u636e\uff08\u6d4b\u8bd5\u96c6\uff09"],
+                                value="\u6210\u5458\u6570\u636e\uff08\u8bad\u7ec3\u96c6\uff09", label="\u6570\u636e\u6765\u6e90")
+                a_idx = gr.Slider(0, 999, step=1, value=12, label="\u6837\u672cID")
+                a_btn = gr.Button("\u26a1 \u6267\u884c\u6210\u5458\u63a8\u7406\u653b\u51fb", variant="primary", size="lg")
                 a_qtxt = gr.Markdown()
             with gr.Column(scale=3):
-                a_gauge = gr.Plot(label="Loss位置判定")
+                a_gauge = gr.Plot(label="Loss Decision Boundary")
                 a_res = gr.Markdown()
         a_btn.click(cb_attack, [a_idx, a_src, a_target], [a_qtxt, a_gauge, a_res])
 
-    # ═══ Tab 4: 防御分析 ═══
-    with gr.Tab("防御分析"):
-        with gr.Accordion("AUC对比柱状图（11组）", open=True):
-            gr.Markdown("> 柱子越矮 = AUC越低 = 防御越有效")
-            gr.Plot(value=fig_auc_bar())
+    # ═══ Tab 4: \u591a\u7ef4\u5ea6\u9632\u5fa1\u5206\u6790\uff08\u6838\u5fc3\u5347\u7ea7\uff01\uff09 ═══
+    with gr.Tab("\U0001f6e1\ufe0f \u9632\u5fa1\u5206\u6790"):
+
+        gr.Markdown("## \u591a\u7ef4\u5ea6\u653b\u9632\u6548\u679c\u5bf9\u6bd4\u5206\u6790")
+
+        # ---- \u7b2c\u4e00\u7ec4: AUC\u5bf9\u6bd4 + \u96f7\u8fbe\u56fe ----
+        gr.Markdown("### 1\ufe0f\u20e3 \u653b\u51fb\u6210\u529f\u7387\u5bf9\u6bd4 (AUC)")
+        gr.Markdown("""\
+> **AUC (Area Under ROC Curve)** \u662fMIA\u653b\u51fb\u7684\u6838\u5fc3\u6307\u6807\u3002AUC=0.5\u8868\u793a\u968f\u673a\u731c\u6d4b\uff0c\u8d8a\u9ad8\u8868\u793a\u653b\u51fb\u8d8a\u6210\u529f\u3002
+> - \u57fa\u7ebf\u6a21\u578bAUC=**{0}** \u2192 \u653b\u51fb\u8005\u660e\u663e\u4f18\u4e8e\u968f\u673a\u731c\u6d4b
+> - \u6807\u7b7e\u5e73\u6ed1\u5c06AUC\u4ece{0}\u964d\u81f3{1}\uff0c\u964d\u5e45**{2:.1f}%**
+> - \u8f93\u51fa\u6270\u52a8\u5c06AUC\u4ece{0}\u964d\u81f3{3}\uff0c\u964d\u5e45**{4:.1f}%**
+""".format(f"{bl_auc:.4f}",
+           f"{gm('smooth_eps_0.2','auc'):.4f}",
+           (bl_auc - gm('smooth_eps_0.2','auc'))/bl_auc*100,
+           f"{gm('perturbation_0.03','auc'):.4f}",
+           (bl_auc - gm('perturbation_0.03','auc'))/bl_auc*100))
+        gr.Plot(value=fig_auc_bar())
+
+        gr.Markdown("### 2\ufe0f\u20e3 \u591a\u6307\u6807\u96f7\u8fbe\u56fe\u5bf9\u6bd4\uff08Baseline vs \u9632\u5fa1\uff09")
+        gr.Markdown("""\
+> \u96f7\u8fbe\u56fe\u540c\u65f6\u5c55\u793a8\u4e2a\u7ef4\u5ea6\u7684\u653b\u51fb\u80fd\u529b\u3002\u7ea2\u8272\uff08Baseline\uff09\u9762\u79ef\u8d8a\u5927 = \u653b\u51fb\u8d8a\u5f3a\uff1b\u84dd\u8272/\u7eff\u8272\uff08\u9632\u5fa1\uff09\u9762\u79ef\u8d8a\u5c0f = \u9632\u5fa1\u8d8a\u6709\u6548\u3002
+> \u53ef\u4ee5\u770b\u5230\u9632\u5fa1\u540e\u6240\u6709\u7ef4\u5ea6\u5747\u6709\u7f29\u5c0f\uff0c\u7279\u522b\u662fTPR@\u4f4eFPR\u4e0bLoss Gap\u964d\u5e45\u663e\u8457\u3002
+""")
+        gr.Plot(value=fig_radar_compare())
+
+        # ---- \u7b2c\u4e8c\u7ec4: ROC\u66f2\u7ebf ----
+        gr.Markdown("### 3\ufe0f\u20e3 ROC\u66f2\u7ebf\u5bf9\u6bd4\uff08\u653b\u51fb\u6548\u679c\u7684\u6700\u76f4\u63a5\u8bc1\u636e\uff09")
+        gr.Markdown("""\
+> **ROC\u66f2\u7ebf**\u5c55\u793a\u4e86\u5728\u4e0d\u540c\u5224\u5b9a\u9608\u503c\u4e0b\uff0c\u653b\u51fb\u8005\u7684\u771f\u9633\u6027\u7387(TPR)\u4e0e\u5047\u9633\u6027\u7387(FPR)\u7684\u5173\u7cfb\u3002
+> - **\u66f2\u7ebf\u8d8a\u9760\u8fd1\u5de6\u4e0a\u89d2** = \u653b\u51fb\u8d8a\u6210\u529f\uff08\u9ad8TPR\u4f4eFPR\uff09
+> - **\u66f2\u7ebf\u8d8a\u63a5\u8fd1\u5bf9\u89d2\u7ebf** = \u653b\u51fb\u8d8a\u63a5\u8fd1\u968f\u673a\u731c\u6d4b = \u9632\u5fa1\u8d8a\u6709\u6548
+> - \u5de6\u56fe\uff1a\u968f\u7740\u03b5\u589e\u5927\uff0cROC\u66f2\u7ebf\u9010\u6e10\u5411\u5bf9\u89d2\u7ebf\u9760\u62e2\uff0c\u8bc1\u660e\u6807\u7b7e\u5e73\u6ed1\u6709\u6548\u964d\u4f4e\u653b\u51fb\u80fd\u529b
+> - \u53f3\u56fe\uff1a\u968f\u7740\u03c3\u589e\u5927\uff0c\u540c\u6837\u7684\u8d8b\u52bf\uff0c\u8bc1\u660e\u8f93\u51fa\u6270\u52a8\u6709\u6548\u906e\u853d\u653b\u51fb\u4fe1\u53f7
+""")
+        gr.Plot(value=fig_roc_curves())
+
+        # ---- \u7b2c\u4e09\u7ec4: TPR@\u4f4eFPR ----
+        gr.Markdown("### 4\ufe0f\u20e3 \u4f4e\u8bef\u62a5\u7387\u4e0b\u7684\u653b\u51fb\u80fd\u529b\uff08TPR@FPR\uff09")
+        gr.Markdown(f"""\
+> **\u8fd9\u662f\u8861\u91cf\u653b\u51fb\u5371\u5bb3\u7684\u6700\u4e25\u683c\u6307\u6807\u3002** \u5728\u73b0\u5b9e\u4e2d\uff0c\u653b\u51fb\u8005\u901a\u5e38\u91c7\u7528\u4fdd\u5b88\u7b56\u7565\uff08\u4f4e\u8bef\u62a5\uff09\uff0c\u53ea\u5bf9\u201c\u5f88\u6709\u628a\u63e1\u201d\u7684\u6837\u672c\u4e0b\u7ed3\u8bba\u3002
+>
+> - **TPR@5%FPR**: \u6bcf\u8bef\u5224100\u4e2a\u65e0\u8f9c\u4eba\u4e2d\u7684\u7ea65\u4e2a\uff0c\u80fd\u6b63\u786e\u8bc6\u522b\u51fa\u591a\u5c11\u771f\u6210\u5458
+> - **TPR@1%FPR**: \u66f4\u4e25\u683c\uff0c\u6bcf\u8bef\u5224100\u4e2a\u4e2d\u7684\u7ea61\u4e2a
+>
+> \u57fa\u7ebf\u6a21\u578b TPR@5%FPR = **{gm('baseline','tpr_at_5fpr'):.4f}**\uff0c\u610f\u5473\u7740\u653b\u51fb\u8005\u5728\u4ec5\u201c\u5192\u72af\u201d5%\u7684\u98ce\u9669\u4e0b\uff0c
+> \u4ecd\u80fd\u8bc6\u522b\u51fa **{gm('baseline','tpr_at_5fpr')*100:.1f}%** \u7684\u8bad\u7ec3\u6210\u5458\u3002\u9632\u5fa1\u540e\u6b64\u6bd4\u4f8b\u5927\u5e45\u4e0b\u964d\u3002
+""")
+        gr.Plot(value=fig_tpr_at_low_fpr())
+
+        # ---- \u7b2c\u56db\u7ec4: Loss\u5dee\u8ddd ----
+        gr.Markdown("### 5\ufe0f\u20e3 Loss\u5dee\u8ddd\u5bf9\u6bd4\uff08\u653b\u51fb\u7684\u6839\u6e90\uff09")
+        gr.Markdown("""\
+> **Loss Gap = \u975e\u6210\u5458\u5e73\u5747Loss - \u6210\u5458\u5e73\u5747Loss**\u3002\u8fd9\u662fMIA\u653b\u51fb\u5f97\u4ee5\u5b9e\u65bd\u7684\u6839\u672c\u539f\u56e0\u3002
+> Gap\u8d8a\u5927 = \u6210\u5458\u548c\u975e\u6210\u5458\u8d8a\u5bb9\u6613\u533a\u5206 = \u653b\u51fb\u8d8a\u5bb9\u6613\u6210\u529f\u3002
+> \u9632\u5fa1\u7684\u76ee\u6807\u5c31\u662f\u7f29\u5c0f\u8fd9\u4e2a\u5dee\u8ddd\u3002
+""")
+        gr.Plot(value=fig_loss_gap_waterfall())
+
+        # ---- \u7b2c\u4e94\u7ec4: \u53c2\u6570\u8d8b\u52bf ----
+        gr.Markdown("### 6\ufe0f\u20e3 \u9632\u5fa1\u53c2\u6570\u4e0e\u6548\u679c\u7684\u5173\u7cfb\uff08\u8d8b\u52bf\u7ebf\uff09")
+        gr.Markdown("""\
+> \u5de6\u56fe\u5c55\u793a\u6807\u7b7e\u5e73\u6ed1\u53c2\u6570\u03b5\u4e0eAUC/\u6548\u7528\u7684\u53cc\u8f74\u5173\u7cfb\uff1a
+> - \u7ea2\u7ebf(AUC)\u5355\u8c03\u9012\u51cf \u2192 \u9632\u5fa1\u6301\u7eed\u589e\u5f3a
+> - \u7eff\u7ebf(\u6548\u7528)\u53cd\u5347 \u2192 \u6b63\u5219\u5316\u63d0\u5347\u6cdb\u5316\uff08\u201c\u53cc\u8d62\u201d\uff09
+>
+> \u53f3\u56fe\u5c55\u793a\u8f93\u51fa\u6270\u52a8\u53c2\u6570\u03c3\u4e0eAUC\u7684\u5173\u7cfb\uff1a
+> - \u7eff\u8272\u586b\u5145\u533a\u57df = AUC\u964d\u4f4e\u91cf = \u9632\u5fa1\u6536\u76ca
+> - \u03c3\u8d8a\u5927\u964d\u4f4e\u8d8a\u591a\uff0c\u4e14\u6548\u7528\u59cb\u7ec8\u4e0d\u53d8
+""")
+        gr.Plot(value=fig_auc_trend())
 
-        with gr.Accordion("Loss分布对比（标签平滑 5个模型）", open=False):
-            gr.Markdown("> 蓝色=成员，红色=非成员。重叠越多=攻击越难")
+        # ---- \u7b2c\u516d\u7ec4: Loss\u5206\u5e03 ----
+        gr.Markdown("### 7\ufe0f\u20e3 Loss\u5206\u5e03\u53ef\u89c6\u5316")
+        with gr.Accordion("\u6807\u7b7e\u5e73\u6ed1\u6a21\u578b\u7684Loss\u5206\u5e03\uff085\u4e2a\u6a21\u578b\uff09", open=False):
+            gr.Markdown("> \u84dd\u8272=\u6210\u5458\uff0c\u7ea2\u8272=\u975e\u6210\u5458\u3002\u4e24\u8272\u91cd\u53e0\u8d8a\u591a = \u653b\u51fb\u8005\u8d8a\u96be\u533a\u5206 = \u9632\u5fa1\u8d8a\u6709\u6548")
             gr.Plot(value=fig_loss_dist())
-
-        with gr.Accordion("输出扰动效果（6组\u03c3）", open=False):
+        with gr.Accordion("\u8f93\u51fa\u6270\u52a8\u7684Loss\u5206\u5e03\uff086\u7ec4\u03c3\uff09", open=False):
+            gr.Markdown("> \u5728\u57fa\u7ebf\u6a21\u578bLoss\u4e0a\u52a0\u566a\u58f0\uff0c\u968f\u03c3\u589e\u5927\u5206\u5e03\u66f4\u52a0\u91cd\u53e0")
             gr.Plot(value=fig_perturb_dist())
 
-        with gr.Accordion("完整数据表 + 防御机制说明", open=False):
+        # ---- \u5b8c\u6574\u6570\u636e\u8868 ----
+        with gr.Accordion("\U0001f4cb \u5b8c\u6574\u6570\u636e\u8868 + \u9632\u5fa1\u673a\u5236\u8bf4\u660e", open=False):
             gr.Markdown(build_full_table())
-            gr.Markdown("""
-### 防御机制对比
+            gr.Markdown("""\
+### \u9632\u5fa1\u673a\u5236\u5bf9\u6bd4
 
-| 维度 | 标签平滑 | 输出扰动 |
+| \u7ef4\u5ea6 | \u6807\u7b7e\u5e73\u6ed1 | \u8f93\u51fa\u6270\u52a8 |
 |---|---|---|
-| **阶段** | 训练期 | 推理期 |
-| **原理** | 软化标签降低记忆 | Loss加噪遮蔽信号 |
-| **需重训** | 是 | 否 |
-| **效用影响** | 正则化可能提升 | 完全无影响 |
-| **部署** | 训练时介入 | 即插即用 |
+| **\u9636\u6bb5** | \u8bad\u7ec3\u671f | \u63a8\u7406\u671f |
+| **\u539f\u7406** | \u8f6f\u5316\u6807\u7b7e\u964d\u4f4e\u8bb0\u5fc6 | Loss\u52a0\u566a\u906e\u853d\u4fe1\u53f7 |
+| **\u9700\u91cd\u8bad** | \u662f | \u5426 |
+| **\u6548\u7528\u5f71\u54cd** | \u6b63\u5219\u5316\u53ef\u80fd\u63d0\u5347 | \u5b8c\u5168\u65e0\u5f71\u54cd |
+| **\u90e8\u7f72** | \u8bad\u7ec3\u65f6\u4ecb\u5165 | \u5373\u63d2\u5373\u7528 |
 
-**标签平滑公式**: `y_smooth = (1 - ε) × y_onehot + ε / V`
+**\u6807\u7b7e\u5e73\u6ed1\u516c\u5f0f**: `y_smooth = (1 - \u03b5) \u00d7 y_onehot + \u03b5 / V`
 
-**输出扰动公式**: `L_perturbed = L_original + N(0, σ²)`
+**\u8f93\u51fa\u6270\u52a8\u516c\u5f0f**: `L_perturbed = L_original + N(0, \u03c3\u00b2)`
 """)
 
-    # ═══ Tab 5: 效用评估 ═══
-    with gr.Tab("效用评估"):
-        gr.Markdown("## 模型效用测试\n\n> 基于300道数学测试题评估各策略的实际能力影响")
+    # ═══ Tab 5: \u6548\u7528\u8bc4\u4f30 ═══
+    with gr.Tab("\u2696\ufe0f \u6548\u7528\u8bc4\u4f30"):
+        gr.Markdown("## \u6a21\u578b\u6548\u7528\u6d4b\u8bd5\n\n> \u57fa\u4e8e300\u9053\u6570\u5b66\u6d4b\u8bd5\u9898\u8bc4\u4f30\u5404\u7b56\u7565\u7684\u5b9e\u9645\u80fd\u529b\u5f71\u54cd")
+
+        gr.Markdown("### \u6548\u7528\u5bf9\u6bd4\u4e0e\u9690\u79c1-\u6548\u7528\u6743\u8861")
         with gr.Row():
             with gr.Column():
                 gr.Plot(value=fig_acc_bar())
             with gr.Column():
                 gr.Plot(value=fig_tradeoff())
 
-        gr.Markdown("### 在线抽样演示")
+        gr.Markdown(f"""\
+### \u6548\u7528\u5206\u6790
+
+> **\u5173\u952e\u53d1\u73b0\uff1a\u6807\u7b7e\u5e73\u6ed1\u5b9e\u73b0\u4e86\u201c\u9690\u79c1-\u6548\u7528\u53cc\u8d62\u201d**
+>
+> - \u57fa\u7ebf\u6548\u7528: **{bl_acc:.1f}%**
+> - LS(\u03b5=0.1): **{gu('smooth_eps_0.1'):.1f}%** (\u2191{gu('smooth_eps_0.1')-bl_acc:+.1f}%)\uff0c\u540c\u65f6AUC\u4e0b\u964d\u81f3{gm('smooth_eps_0.1','auc'):.4f}
+> - LS(\u03b5=0.2): **{gu('smooth_eps_0.2'):.1f}%** (\u2191{gu('smooth_eps_0.2')-bl_acc:+.1f}%)\uff0c\u540c\u65f6AUC\u4e0b\u964d\u81f3{gm('smooth_eps_0.2','auc'):.4f}
+> - \u8f93\u51fa\u6270\u52a8\uff1a\u6548\u7528\u59cb\u7ec8\u4e3a{bl_acc:.1f}%\uff08\u96f6\u635f\u5931\uff09
+>
+> \u6807\u7b7e\u5e73\u6ed1\u7684\u6b63\u5219\u5316\u6548\u5e94\u9632\u6b62\u4e86\u8fc7\u62df\u5408\uff0c\u63d0\u5347\u4e86\u6cdb\u5316\u80fd\u529b\u3002
+""")
+
+        gr.Markdown("### \u5728\u7ebf\u62bd\u6837\u6f14\u793a")
         with gr.Row():
             with gr.Column(scale=1):
-                e_model = gr.Radio(EVAL_MODEL_CHOICES, value="基线模型", label="选择模型")
-                e_btn = gr.Button("随机抽题测试", variant="primary")
+                e_model = gr.Radio(EVAL_CHOICES, value="\u57fa\u7ebf\u6a21\u578b", label="\u9009\u62e9\u6a21\u578b")
+                e_btn = gr.Button("\U0001f9ea \u968f\u673a\u62bd\u9898\u6d4b\u8bd5", variant="primary")
             with gr.Column(scale=2):
                 e_res = gr.Markdown()
         e_btn.click(cb_eval, [e_model], [e_res])
 
-    # ═══ Tab 6: 研究结论 ═══
-    with gr.Tab("研究结论"):
-        gr.Markdown(f"""## 核心研究发现
+    # ═══ Tab 6: \u7814\u7a76\u7ed3\u8bba ═══
+    with gr.Tab("\U0001f4dd \u7814\u7a76\u7ed3\u8bba"):
+        gr.Markdown(f"""\
+## \u6838\u5fc3\u7814\u7a76\u53d1\u73b0
 
 ---
 
-### 一、教育大模型存在可量化的MIA风险
+### \u4e00\u3001\u6559\u80b2\u5927\u6a21\u578b\u5b58\u5728\u53ef\u91cf\u5316\u7684MIA\u98ce\u9669
 
-基线模型 AUC = **{bl_auc:.4f}** > 0.5，成员平均Loss ({bl_m_mean:.4f}) < 非成员 ({bl_nm_mean:.4f})。
-攻击者判定正确率 {get_metric('baseline','attack_accuracy',0)*100:.1f}%，远超随机猜测的50%。
-
-### 二、标签平滑（训练期防御）
+| \u6307\u6807 | \u57fa\u7ebf\u503c | \u542b\u4e49 |
+|---|---|---|
+| AUC | **{bl_auc:.4f}** | \u653b\u51fb\u8005\u660e\u663e\u4f18\u4e8e\u968f\u673a\u731c\u6d4b(0.5) |
+| \u653b\u51fb\u51c6\u786e\u7387 | **{gm('baseline','attack_accuracy')*100:.1f}%** | \u8d85\u8fc7\u534a\u6570\u6837\u672c\u88ab\u6b63\u786e\u5224\u5b9a |
+| TPR@5%FPR | **{gm('baseline','tpr_at_5fpr'):.4f}** | \u4f4e\u8bef\u62a5\u4e0b\u4ecd\u53ef\u8bc6\u522b{gm('baseline','tpr_at_5fpr')*100:.1f}%\u6210\u5458 |
+| Loss Gap | **{gm('baseline','loss_gap'):.4f}** | \u6210\u5458\u4e0e\u975e\u6210\u5458\u5b58\u5728\u53ef\u5229\u7528\u7684\u5dee\u5f02 |
 
-| 参数 | AUC | 效用 | 特点 |
-|---|---|---|---|
-| \u03b5=0.02 | {get_metric('smooth_eps_0.02','auc',0):.4f} | {get_utility('smooth_eps_0.02'):.1f}% | 轻度防御 |
-| \u03b5=0.05 | {get_metric('smooth_eps_0.05','auc',0):.4f} | {get_utility('smooth_eps_0.05'):.1f}% | 温和防御 |
-| \u03b5=0.1 | {get_metric('smooth_eps_0.1','auc',0):.4f} | {get_utility('smooth_eps_0.1'):.1f}% | 推荐配置 |
-| \u03b5=0.2 | {get_metric('smooth_eps_0.2','auc',0):.4f} | {get_utility('smooth_eps_0.2'):.1f}% | 强力防御 |
+### \u4e8c\u3001\u6807\u7b7e\u5e73\u6ed1\u9632\u5fa1\u6548\u679c
 
-标签平滑通过正则化同时提升了隐私保护和模型效用（效用从{bl_acc:.1f}%升至{get_utility('smooth_eps_0.2'):.1f}%）。
+| \u53c2\u6570 | AUC | AUC\u964d\u5e45 | \u6548\u7528 | \u7279\u70b9 |
+|---|---|---|---|---|
+| \u03b5=0.02 | {gm('smooth_eps_0.02','auc'):.4f} | {bl_auc-gm('smooth_eps_0.02','auc'):.4f} | {gu('smooth_eps_0.02'):.1f}% | \u8f7b\u5ea6\u9632\u5fa1 |
+| \u03b5=0.05 | {gm('smooth_eps_0.05','auc'):.4f} | {bl_auc-gm('smooth_eps_0.05','auc'):.4f} | {gu('smooth_eps_0.05'):.1f}% | \u6e29\u548c\u9632\u5fa1 |
+| \u03b5=0.1 | {gm('smooth_eps_0.1','auc'):.4f} | {bl_auc-gm('smooth_eps_0.1','auc'):.4f} | {gu('smooth_eps_0.1'):.1f}% | **\u63a8\u8350\u914d\u7f6e** |
+| \u03b5=0.2 | {gm('smooth_eps_0.2','auc'):.4f} | {bl_auc-gm('smooth_eps_0.2','auc'):.4f} | {gu('smooth_eps_0.2'):.1f}% | \u5f3a\u529b\u9632\u5fa1 |
 
-### 三、输出扰动（推理期防御）
+### \u4e09\u3001\u8f93\u51fa\u6270\u52a8\u9632\u5fa1\u6548\u679c
 
-| 参数 | AUC | AUC降幅 | 效用 |
-|---|---|---|---|
-| \u03c3=0.005 | {get_metric('perturbation_0.005','auc',0):.4f} | {bl_auc-get_metric('perturbation_0.005','auc',0):.4f} | {bl_acc:.1f}% |
-| \u03c3=0.01 | {get_metric('perturbation_0.01','auc',0):.4f} | {bl_auc-get_metric('perturbation_0.01','auc',0):.4f} | {bl_acc:.1f}% |
-| \u03c3=0.02 | {get_metric('perturbation_0.02','auc',0):.4f} | {bl_auc-get_metric('perturbation_0.02','auc',0):.4f} | {bl_acc:.1f}% |
-| \u03c3=0.03 | {get_metric('perturbation_0.03','auc',0):.4f} | {bl_auc-get_metric('perturbation_0.03','auc',0):.4f} | {bl_acc:.1f}% |
+| \u53c2\u6570 | AUC | AUC\u964d\u5e45 | \u6548\u7528 | \u7279\u70b9 |
+|---|---|---|---|---|
+| \u03c3=0.005 | {gm('perturbation_0.005','auc'):.4f} | {bl_auc-gm('perturbation_0.005','auc'):.4f} | {bl_acc:.1f}% | \u5fae\u5f31\u6270\u52a8 |
+| \u03c3=0.01 | {gm('perturbation_0.01','auc'):.4f} | {bl_auc-gm('perturbation_0.01','auc'):.4f} | {bl_acc:.1f}% | \u8f7b\u5ea6\u6270\u52a8 |
+| \u03c3=0.02 | {gm('perturbation_0.02','auc'):.4f} | {bl_auc-gm('perturbation_0.02','auc'):.4f} | {bl_acc:.1f}% | **\u63a8\u8350\u914d\u7f6e** |
+| \u03c3=0.03 | {gm('perturbation_0.03','auc'):.4f} | {bl_auc-gm('perturbation_0.03','auc'):.4f} | {bl_acc:.1f}% | \u5f3a\u529b\u6270\u52a8 |
 
-**零效用损失，适合已部署系统的后期加固。**
+> **\u96f6\u6548\u7528\u635f\u5931\uff0c\u9002\u5408\u5df2\u90e8\u7f72\u7cfb\u7edf\u7684\u540e\u671f\u52a0\u56fa\u3002**
 
-### 四、最佳实践建议
+### \u56db\u3001\u6700\u4f73\u5b9e\u8df5\u5efa\u8bae
 
-> 两类策略机制互补：标签平滑从训练阶段降低记忆，输出扰动从推理阶段遮蔽信号。
-> 推荐组合: **LS(\u03b5=0.1) + OP(\u03c3=0.02)** — 兼顾隐私保护与模型效用。
+> \u4e24\u7c7b\u7b56\u7565\u673a\u5236\u4e92\u8865\uff1a\u6807\u7b7e\u5e73\u6ed1\u4ece\u8bad\u7ec3\u9636\u6bb5\u964d\u4f4e\u8bb0\u5fc6\uff0c\u8f93\u51fa\u6270\u52a8\u4ece\u63a8\u7406\u9636\u6bb5\u906e\u853d\u4fe1\u53f7\u3002
+> **\u63a8\u8350\u7ec4\u5408: LS(\u03b5=0.1) + OP(\u03c3=0.02)** \u2014 \u517c\u987e\u9690\u79c1\u4fdd\u62a4\u4e0e\u6a21\u578b\u6548\u7528\u3002
 """)
 
 demo.launch()