Spaces:

xiaohy
/

MathTutor-MIA-Defense

Sleeping

App Files Files Community

xiaohy commited on 3 days ago

Commit

36e76dd

verified ·

1 Parent(s): 68b3703

Update app.py

Browse files

Files changed (1) hide show

app.py +644 -508

app.py CHANGED Viewed

@@ -1,7 +1,11 @@
 # ================================================================
-# 教育大模型MIA攻防研究 v5.0 - 干净对齐·卡片式布局
 # ================================================================
-import os, json, re
 import numpy as np
 import matplotlib
 matplotlib.use('Agg')
@@ -9,564 +13,696 @@ import matplotlib.pyplot as plt
 from sklearn.metrics import roc_curve, roc_auc_score
 import gradio as gr
-BASE = os.path.dirname(os.path.abspath(__file__))
-def lj(p):
-    with open(os.path.join(BASE,p),'r',encoding='utf-8') as f: return json.load(f)
-def ct(t):
-    if not isinstance(t,str): return str(t)
-    return re.sub(r'[\U00010000-\U0010ffff]','',re.sub(r'[\u200b-\u206f\ufeff]','',t)).strip()
-mem=lj("data/member.json"); nmem=lj("data/non_member.json")
-cfg=lj("config.json"); ad=lj("results/all_results.json")
-MR=ad["mia_results"]; PR=ad["perturbation_results"]; UR=ad["utility_results"]; FL=ad["full_losses"]
-mn=cfg.get('model_name','Qwen/Qwen2.5-Math-1.5B-Instruct')
-# === Keys ===
-LK=["baseline","smooth_eps_0.02","smooth_eps_0.05","smooth_eps_0.1","smooth_eps_0.2"]
-LE=["Baseline","LS(e=0.02)","LS(e=0.05)","LS(e=0.1)","LS(e=0.2)"]
-OS=[0.005,0.01,0.015,0.02,0.025,0.03]
-OK=[f"perturbation_{s}" for s in OS]; OE=[f"OP(s={s})" for s in OS]
-def gm(k,m,d=0):
-    if k in MR: return MR[k].get(m,d)
-    if k in PR: return PR[k].get(m,d)
-    return d
-def gu(k):
-    if k in UR: return UR[k].get("accuracy",0)*100
-    if k.startswith("perturbation_"): return UR.get("baseline",{}).get("accuracy",0)*100
-    return 0
-BA=gm("baseline","auc"); BAC=gu("baseline")
-BMM=gm("baseline","member_loss_mean"); BNM=gm("baseline","non_member_loss_mean")
-TC={'calculation':'\u57fa\u7840\u8ba1\u7b97','word_problem':'\u5e94\u7528\u9898','concept':'\u6982\u5ff5\u95ee\u7b54','error_correction':'\u9519\u9898\u8ba2\u6b63'}
-# === Colors ===
-CL={'bg':'#F7F8FA','card':'#FFFFFF','bdr':'#E8ECF1','tx':'#1D2939','tx2':'#475467','tx3':'#98A2B3',
-    'blue':'#2E90FA','blue_l':'#EFF8FF','blue_d':'#1570EF',
-    'purple':'#7A5AF8','purple_l':'#F4F3FF',
-    'teal':'#15B79E','teal_l':'#F0FDF9',
-    'red':'#F04438','red_l':'#FEF3F2',
-    'orange':'#F79009','orange_l':'#FFFAEB',
-    'green':'#12B76A','green_l':'#ECFDF3',
-    'base':'#98A2B3',
-    'ls':['#B2DDFF','#84CAFF','#53B1FD','#2E90FA'],
-    'op':['#A6F4C5','#6CE9A6','#32D583','#12B76A','#039855','#027A48']}
-def sax(fig,ax):
-    fig.patch.set_facecolor('white')
-    ax.set_facecolor('white')
-    ax.tick_params(colors=CL['tx2'],labelsize=9)
-    for s in ['top','right']: ax.spines[s].set_visible(False)
-    for s in ['bottom','left']: ax.spines[s].set_color(CL['bdr'])
-    ax.grid(axis='y',color='#F2F4F7',lw=0.8)
-    ax.xaxis.label.set_color(CL['tx']); ax.yaxis.label.set_color(CL['tx']); ax.title.set_color(CL['tx'])
-# === Eval pool ===
-np.random.seed(777)
-EP=[]
-for _i in range(300):
-    r=np.random.random()
-    if r<0.5:
-        a,b=int(np.random.randint(10,500)),int(np.random.randint(10,500))
-        op=['+','-','x'][_i%3]
-        if op=='+': q,ans=f"{a}+{b}=?",str(a+b)
-        elif op=='-': q,ans=f"{a}-{b}=?",str(a-b)
-        else: q,ans=f"{a}x{b}=?",str(a*b)
-        tc='\u57fa\u7840\u8ba1\u7b97'
-    elif r<0.8:
-        a,b=int(np.random.randint(5,200)),int(np.random.randint(3,50))
-        q,ans=f"Had {a}, got {b} more?",str(a+b); tc='\u5e94\u7528\u9898'
-    else:
-        cs=[("area","Space of shape"),("perimeter","Boundary length"),("fraction","Equal parts")]
-        cn,df=cs[_i%len(cs)]; q,ans=f"What is {cn}?",df; tc='\u6982\u5ff5\u95ee\u7b54'
-    it={'question':q,'answer':ans,'tc':tc}
-    for k in LK: it[k]=bool(np.random.random()<gu(k)/100)
-    EP.append(it)
 # ================================================================
-# CHARTS - 统一尺寸 统一风格
 # ================================================================
-CHART_W, CHART_H = 13, 5.2
-def fig_auc_bar():
-    ns,vs,cs=[],[],[]
-    lc=[CL['base']]+CL['ls']
-    for i,(k,l) in enumerate(zip(LK,LE)):
-        if k in MR: ns.append(l);vs.append(MR[k]['auc']);cs.append(lc[i])
-    for i,(k,l) in enumerate(zip(OK,OE)):
-        if k in PR: ns.append(l);vs.append(PR[k]['auc']);cs.append(CL['op'][i])
-    fig,ax=plt.subplots(figsize=(CHART_W,CHART_H)); sax(fig,ax)
-    bars=ax.bar(range(len(ns)),vs,color=cs,width=0.62,edgecolor='white',lw=2,zorder=3)
-    for b,v in zip(bars,vs):
-        ax.text(b.get_x()+b.get_width()/2,v+0.003,f'{v:.4f}',ha='center',fontsize=8.5,fontweight='bold',color=CL['tx'])
-    ax.axhline(0.5,color=CL['red'],ls='--',lw=1.3,alpha=0.5,label='Random (0.5)')
-    ax.axhline(BA,color=CL['orange'],ls=':',lw=1,alpha=0.5,label=f'Baseline ({BA:.4f})')
-    ax.set_ylabel('MIA AUC',fontsize=11,fontweight='600')
-    ax.set_title('AUC Comparison Across 11 Configurations',fontsize=12,fontweight='700',pad=12)
-    ax.set_ylim(0.48,max(vs)+0.04); ax.set_xticks(range(len(ns)))
-    ax.set_xticklabels(ns,rotation=30,ha='right',fontsize=8.5)
-    ax.legend(fontsize=9,framealpha=0.9,edgecolor=CL['bdr']); plt.tight_layout(); return fig
-def fig_radar():
-    ms=['AUC','Atk Acc','Prec','Recall','F1','TPR@5%','TPR@1%','Gap']
-    mk=['auc','attack_accuracy','precision','recall','f1','tpr_at_5fpr','tpr_at_1fpr','loss_gap']
-    cfs=[("Baseline","baseline",CL['red']),("LS(e=0.1)","smooth_eps_0.1",CL['blue']),
-         ("LS(e=0.2)","smooth_eps_0.2",CL['purple']),("OP(s=0.02)","perturbation_0.02",CL['green'])]
-    N=len(ms); ag=np.linspace(0,2*np.pi,N,endpoint=False).tolist()+[0]
-    fig,ax=plt.subplots(figsize=(7,7),subplot_kw=dict(polar=True))
-    fig.patch.set_facecolor('white'); ax.set_facecolor('white')
-    mx=[max(gm(k,m) for _,k,_ in cfs) for m in mk]; mx=[m if m>0 else 1 for m in mx]
-    for nm,ky,cl in cfs:
-        v=[gm(ky,m)/mx[i] for i,m in enumerate(mk)]+[gm(ky,mk[0])/mx[0]]
-        ax.plot(ag,v,'o-',lw=2.5,label=nm,color=cl,ms=6); ax.fill(ag,v,alpha=0.06,color=cl)
-    ax.set_xticks(ag[:-1]); ax.set_xticklabels(ms,fontsize=9.5,color=CL['tx'])
-    ax.set_yticklabels([]); ax.set_title('Multi-Metric Radar',fontsize=12,fontweight='700',color=CL['tx'],pad=20)
-    ax.legend(loc='upper right',bbox_to_anchor=(1.3,1.1),fontsize=9.5,framealpha=0.9,edgecolor=CL['bdr'])
-    ax.spines['polar'].set_color(CL['bdr']); ax.grid(color=CL['bdr'],alpha=0.5)
-    plt.tight_layout(); return fig
-def fig_roc():
-    fig,axes=plt.subplots(1,2,figsize=(CHART_W,CHART_H))
-    for a in axes: sax(fig,a)
-    ax=axes[0]; lc=[CL['red']]+CL['ls']
-    for i,(k,l) in enumerate(zip(LK,LE)):
-        if k not in FL: continue
-        m=np.array(FL[k]['member_losses']); nm=np.array(FL[k]['non_member_losses'])
-        yt=np.concatenate([np.ones(len(m)),np.zeros(len(nm))]); ys=np.concatenate([-m,-nm])
-        fp,tp,_=roc_curve(yt,ys); a=roc_auc_score(yt,ys)
-        ax.plot(fp,tp,color=lc[i],lw=2.2 if i==0 else 1.8,label=f'{l} ({a:.4f})')
-    ax.plot([0,1],[0,1],'--',color=CL['tx3'],lw=1)
-    ax.set_xlabel('FPR',fontsize=10,fontweight='600'); ax.set_ylabel('TPR',fontsize=10,fontweight='600')
-    ax.set_title('ROC: Label Smoothing',fontsize=11,fontweight='700',pad=10)
-    ax.legend(fontsize=8.5,framealpha=0.9,edgecolor=CL['bdr'])
-    ax=axes[1]
-    if 'baseline' in FL:
-        ml=np.array(FL['baseline']['member_losses']); nl=np.array(FL['baseline']['non_member_losses'])
-        yt=np.concatenate([np.ones(len(ml)),np.zeros(len(nl))]); ys=np.concatenate([-ml,-nl])
-        fp,tp,_=roc_curve(yt,ys); ax.plot(fp,tp,color=CL['red'],lw=2.2,label=f'Baseline ({BA:.4f})')
-        for i,s in enumerate(OS):
-            rm=np.random.RandomState(42); rn=np.random.RandomState(137)
-            mp=ml+rm.normal(0,s,len(ml)); np_=nl+rn.normal(0,s,len(nl))
-            ysp=np.concatenate([-mp,-np_]); fpp,tpp,_=roc_curve(yt,ysp); ap=roc_auc_score(yt,ysp)
-            ax.plot(fpp,tpp,color=CL['op'][i],lw=1.5,label=f'OP(s={s}) ({ap:.4f})')
-    ax.plot([0,1],[0,1],'--',color=CL['tx3'],lw=1)
-    ax.set_xlabel('FPR',fontsize=10,fontweight='600'); ax.set_ylabel('TPR',fontsize=10,fontweight='600')
-    ax.set_title('ROC: Output Perturbation',fontsize=11,fontweight='700',pad=10)
-    ax.legend(fontsize=7.5,framealpha=0.9,edgecolor=CL['bdr'],loc='lower right')
-    plt.tight_layout(); return fig
-def fig_tpr():
-    fig,axes=plt.subplots(1,2,figsize=(CHART_W,CHART_H))
-    for a in axes: sax(fig,a)
-    labs,t5,t1,cs=[],[],[],[]
-    lc=[CL['base']]+CL['ls']
-    for i,(k,l) in enumerate(zip(LK,LE)):
-        labs.append(l);t5.append(gm(k,'tpr_at_5fpr'));t1.append(gm(k,'tpr_at_1fpr'));cs.append(lc[i])
-    for i,(k,l) in enumerate(zip(OK,OE)):
-        labs.append(l);t5.append(gm(k,'tpr_at_5fpr'));t1.append(gm(k,'tpr_at_1fpr'));cs.append(CL['op'][i])
-    x=range(len(labs))
-    for ax,d,ti,rd in [(axes[0],t5,'TPR @ 5% FPR',0.05),(axes[1],t1,'TPR @ 1% FPR',0.01)]:
-        bars=ax.bar(x,d,color=cs,width=0.6,edgecolor='white',lw=1.5,zorder=3)
-        for b,v in zip(bars,d):
-            ax.text(b.get_x()+b.get_width()/2,v+0.003,f'{v:.3f}',ha='center',fontsize=7.5,fontweight='bold',color=CL['tx'])
-        ax.axhline(rd,color=CL['orange'],ls='--',lw=1,alpha=0.5,label=f'Random ({rd})')
-        ax.set_ylabel('TPR',fontsize=10,fontweight='600'); ax.set_title(ti,fontsize=11,fontweight='700',pad=10)
-        ax.set_xticks(x); ax.set_xticklabels(labs,rotation=40,ha='right',fontsize=7.5)
-        ax.legend(fontsize=8.5,framealpha=0.9,edgecolor=CL['bdr'])
-    plt.tight_layout(); return fig
-def fig_gap():
-    fig,ax=plt.subplots(figsize=(CHART_W,CHART_H)); sax(fig,ax)
-    ns,gs,cs=[],[],[]
-    lc=[CL['base']]+CL['ls']
-    for i,(k,l) in enumerate(zip(LK,LE)):ns.append(l);gs.append(gm(k,'loss_gap'));cs.append(lc[i])
-    for i,(k,l) in enumerate(zip(OK,OE)):ns.append(l);gs.append(gm(k,'loss_gap'));cs.append(CL['op'][i])
-    bars=ax.bar(range(len(ns)),gs,color=cs,width=0.6,edgecolor='white',lw=1.5,zorder=3)
-    for b,v in zip(bars,gs):
-        ax.text(b.get_x()+b.get_width()/2,v+0.0002,f'{v:.4f}',ha='center',fontsize=8,fontweight='bold',color=CL['tx'])
-    ax.set_ylabel('Loss Gap',fontsize=11,fontweight='600')
-    ax.set_title('Member vs Non-Member Loss Gap',fontsize=12,fontweight='700',pad=12)
-    ax.set_xticks(range(len(ns))); ax.set_xticklabels(ns,rotation=30,ha='right',fontsize=8.5)
-    plt.tight_layout(); return fig
-def fig_trend():
-    fig,axes=plt.subplots(1,2,figsize=(CHART_W,CHART_H))
-    for a in axes: sax(fig,a)
-    ax=axes[0]; eps=[0,0.02,0.05,0.1,0.2]; aucs=[gm(k,'auc') for k in LK]; accs=[gu(k) for k in LK]
-    ax2=ax.twinx()
-    l1=ax.plot(eps,aucs,'o-',color=CL['red'],lw=2.5,ms=9,label='MIA AUC',zorder=5)
-    l2=ax2.plot(eps,accs,'s--',color=CL['green'],lw=2.5,ms=9,label='Utility %',zorder=5)
-    ax.axhline(0.5,color=CL['tx3'],ls=':',alpha=0.4)
-    ax.set_xlabel('Epsilon',fontsize=10,fontweight='600'); ax.set_ylabel('MIA AUC',fontsize=10,fontweight='600',color=CL['red'])
-    ax2.set_ylabel('Utility %',fontsize=10,fontweight='600',color=CL['green'])
-    ax.set_title('Label Smoothing: AUC & Utility',fontsize=11,fontweight='700',pad=10)
-    ax.tick_params(axis='y',labelcolor=CL['red']); ax2.tick_params(axis='y',labelcolor=CL['green'])
-    ls=l1+l2; ax.legend(ls,[l.get_label() for l in ls],fontsize=9,framealpha=0.9,edgecolor=CL['bdr'])
-    ax=axes[1]; sigs=OS; ao=[gm(k,'auc') for k in OK]
-    ax.plot(sigs,ao,'o-',color=CL['teal'],lw=2.5,ms=9,zorder=5,label='MIA AUC')
-    ax.fill_between(sigs,ao,BA,alpha=0.1,color=CL['teal'],label='AUC Reduction')
-    ax.axhline(BA,color=CL['red'],ls='--',lw=1.3,alpha=0.5,label=f'Baseline ({BA:.4f})')
-    ax.axhline(0.5,color=CL['tx3'],ls=':',alpha=0.4)
-    ax.set_xlabel('Sigma',fontsize=10,fontweight='600'); ax.set_ylabel('MIA AUC',fontsize=10,fontweight='600')
-    ax.set_title('Output Perturbation: AUC vs Sigma',fontsize=11,fontweight='700',pad=10)
-    ax.legend(fontsize=9,framealpha=0.9,edgecolor=CL['bdr']); plt.tight_layout(); return fig
-def fig_loss_dist():
-    its=[(k,l,gm(k,'auc')) for k,l in zip(LK,LE) if k in FL]
-    n=len(its);
-    if n==0: return plt.figure()
-    fig,axes=plt.subplots(1,n,figsize=(3.8*n,4));
-    if n==1: axes=[axes]
-    for ax in axes: sax(fig,ax)
-    for ax,(k,l,a) in zip(axes,its):
-        m=FL[k]['member_losses']; nm=FL[k]['non_member_losses']
-        bins=np.linspace(min(min(m),min(nm)),max(max(m),max(nm)),28)
-        ax.hist(m,bins=bins,alpha=0.5,color=CL['blue'],label='Member',density=True)
-        ax.hist(nm,bins=bins,alpha=0.5,color=CL['red'],label='Non-Mem',density=True)
-        ax.set_title(f'{l} | AUC={a:.4f}',fontsize=9,fontweight='700')
-        ax.set_xlabel('Loss',fontsize=8); ax.legend(fontsize=7,framealpha=0.9)
-    plt.tight_layout(); return fig
-def fig_acc():
-    ns,vs,cs=[],[],[]
-    lc=[CL['base']]+CL['ls']
-    for i,(k,l) in enumerate(zip(LK,LE)):
-        if k in UR: ns.append(l);vs.append(UR[k]['accuracy']*100);cs.append(lc[i])
-    for i,(k,l) in enumerate(zip(OK,OE)):
-        if k in PR: ns.append(l);vs.append(BAC);cs.append(CL['op'][i])
-    fig,ax=plt.subplots(figsize=(CHART_W,CHART_H)); sax(fig,ax)
-    bars=ax.bar(range(len(ns)),vs,color=cs,width=0.62,edgecolor='white',lw=2,zorder=3)
-    for b,v in zip(bars,vs):
-        ax.text(b.get_x()+b.get_width()/2,v+0.5,f'{v:.1f}%',ha='center',fontsize=8.5,fontweight='bold',color=CL['tx'])
-    ax.set_ylabel('Accuracy %',fontsize=11,fontweight='600')
-    ax.set_title('Model Utility (300 Test Questions)',fontsize=12,fontweight='700',pad=12)
-    ax.set_ylim(0,100); ax.set_xticks(range(len(ns))); ax.set_xticklabels(ns,rotation=30,ha='right',fontsize=8.5)
-    plt.tight_layout(); return fig
-def fig_tradeoff():
-    fig,ax=plt.subplots(figsize=(10,7)); sax(fig,ax)
-    ms=['o','s','s','s','s']; lc=[CL['base']]+CL['ls']
-    for i,(k,l) in enumerate(zip(LK,LE)):
-        if k in MR and k in UR:
-            ax.scatter(UR[k]['accuracy']*100,MR[k]['auc'],label=l,marker=ms[i],color=lc[i],s=200,edgecolors='white',lw=2.5,zorder=5)
-    om=['^','D','v','P','X','h']
-    for i,(k,l) in enumerate(zip(OK,OE)):
-        if k in PR: ax.scatter(BAC,PR[k]['auc'],label=l,marker=om[i],color=CL['op'][i],s=200,edgecolors='white',lw=2.5,zorder=5)
-    ax.axhline(0.5,color=CL['tx3'],ls='--',alpha=0.5,label='Random (0.5)')
-    ax.set_xlabel('Utility (Accuracy %)',fontsize=11,fontweight='600')
-    ax.set_ylabel('Privacy Risk (MIA AUC)',fontsize=11,fontweight='600')
-    ax.set_title('Privacy-Utility Trade-off',fontsize=13,fontweight='700',pad=12)
-    ax.legend(fontsize=7.5,loc='upper left',ncol=2,framealpha=0.9,edgecolor=CL['bdr'])
-    plt.tight_layout(); return fig
-def fig_gauge(lv,mm,nm,thr,ms_v,ns_v):
-    fig,ax=plt.subplots(figsize=(10,2.6))
-    fig.patch.set_facecolor('white'); ax.set_facecolor('white')
-    xlo=min(mm-3.5*ms_v,lv-0.005); xhi=max(nm+3.5*ns_v,lv+0.005)
-    ax.axvspan(xlo,thr,alpha=0.06,color=CL['blue'])
-    ax.axvspan(thr,xhi,alpha=0.06,color=CL['red'])
-    ax.axvline(thr,color=CL['tx'],lw=2,zorder=3)
-    ax.text(thr,1.08,f'Threshold={thr:.4f}',ha='center',va='bottom',fontsize=9,fontweight='bold',color=CL['tx'],transform=ax.get_xaxis_transform())
-    mc=CL['blue'] if lv<thr else CL['red']
-    ax.plot(lv,0.5,marker='v',ms=16,color=mc,zorder=5,transform=ax.get_xaxis_transform())
-    ax.text(lv,0.78,f'Loss={lv:.4f}',ha='center',fontsize=10,fontweight='bold',color=mc,transform=ax.get_xaxis_transform(),bbox=dict(boxstyle='round,pad=.3',fc='white',ec=mc,alpha=0.95))
-    ax.text((xlo+thr)/2,0.35,'Member Zone',ha='center',fontsize=10,color=CL['blue'],alpha=0.35,fontweight='bold',transform=ax.get_xaxis_transform())
-    ax.text((thr+xhi)/2,0.35,'Non-Member Zone',ha='center',fontsize=10,color=CL['red'],alpha=0.35,fontweight='bold',transform=ax.get_xaxis_transform())
-    ax.set_xlim(xlo,xhi); ax.set_yticks([])
     for s in ax.spines.values(): s.set_visible(False)
-    ax.spines['bottom'].set_visible(True); ax.spines['bottom'].set_color(CL['bdr'])
-    ax.tick_params(colors=CL['tx2']); ax.set_xlabel('Loss Value',fontsize=9,color=CL['tx2'])
     plt.tight_layout(); return fig
 # ================================================================
-# Callbacks
 # ================================================================
 def cb_sample(src):
-    pool=mem if "\u8bad\u7ec3" in src else nmem
-    s=pool[np.random.randint(len(pool))]; m=s['metadata']
-    meta_html=f"""<table style="width:100%;border-collapse:collapse;font-size:14px;">
-<tr><td style="padding:8px 12px;color:#475467;border-bottom:1px solid #F2F4F7;">\U0001f464 \u59d3\u540d</td><td style="padding:8px 12px;font-weight:600;border-bottom:1px solid #F2F4F7;">{ct(str(m.get('name','')))}</td></tr>
-<tr><td style="padding:8px 12px;color:#475467;border-bottom:1px solid #F2F4F7;">\U0001f194 \u5b66\u53f7</td><td style="padding:8px 12px;font-weight:600;border-bottom:1px solid #F2F4F7;">{ct(str(m.get('student_id','')))}</td></tr>
-<tr><td style="padding:8px 12px;color:#475467;border-bottom:1px solid #F2F4F7;">\U0001f3eb \u73ed\u7ea7</td><td style="padding:8px 12px;font-weight:600;border-bottom:1px solid #F2F4F7;">{ct(str(m.get('class','')))}</td></tr>
-<tr><td style="padding:8px 12px;color:#475467;border-bottom:1px solid #F2F4F7;">\U0001f4ca \u6210\u7ee9</td><td style="padding:8px 12px;font-weight:600;border-bottom:1px solid #F2F4F7;">{m.get('score','')}\u5206</td></tr>
-<tr><td style="padding:8px 12px;color:#475467;">\U0001f4d6 \u7c7b\u578b</td><td style="padding:8px 12px;font-weight:600;">{TC.get(s.get('task_type',''),'')}</td></tr>
-</table>"""
-    return meta_html, ct(s.get('question','')), ct(s.get('answer',''))
-ATK_C=["\u57fa\u7ebf\u6a21\u578b (Baseline)"]+[f"\u6807\u7b7e\u5e73\u6ed1 (\u03b5={e})" for e in [0.02,0.05,0.1,0.2]]+[f"\u8f93\u51fa\u6270\u52a8 (\u03c3={s})" for s in OS]
-ATK_M={"\u57fa\u7ebf\u6a21\u578b (Baseline)":"baseline"}
-for e in [0.02,0.05,0.1,0.2]: ATK_M[f"\u6807\u7b7e\u5e73\u6ed1 (\u03b5={e})"]=f"smooth_eps_{e}"
-for s in OS: ATK_M[f"\u8f93\u51fa\u6270\u52a8 (\u03c3={s})"]=f"perturbation_{s}"
-def cb_attack(idx,src,target):
-    is_mem="\u8bad\u7ec3" in src; pool=mem if is_mem else nmem
-    idx=min(int(idx),len(pool)-1); sample=pool[idx]
-    key=ATK_M.get(target,"baseline"); is_op=key.startswith("perturbation_")
     if is_op:
-        sigma=float(key.split("_")[1]); fr=FL.get('baseline',{})
-        lk='member_losses' if is_mem else 'non_member_losses'; ll=fr.get(lk,[])
-        bl=ll[idx] if idx<len(ll) else float(np.random.normal(BMM if is_mem else BNM,0.02))
-        np.random.seed(idx*1000+int(sigma*10000)); loss=bl+np.random.normal(0,sigma)
-        mm,nmv,msv,nsv=BMM,BNM,gm("baseline","member_loss_std",0.03),gm("baseline","non_member_loss_std",0.03)
-        av=gm(key,"auc"); lbl=f"OP(\u03c3={sigma})"
     else:
-        info=MR.get(key,MR.get('baseline',{})); fr=FL.get(key,FL.get('baseline',{}))
-        lk='member_losses' if is_mem else 'non_member_losses'; ll=fr.get(lk,[])
-        loss=ll[idx] if idx<len(ll) else float(np.random.normal(info.get('member_loss_mean',0.19),0.02))
-        mm=info.get('member_loss_mean',0.19);nmv=info.get('non_member_loss_mean',0.20)
-        msv=info.get('member_loss_std',0.03);nsv=info.get('non_member_loss_std',0.03)
-        av=info.get('auc',0); lbl="Baseline" if key=="baseline" else f"LS(\u03b5={key.replace('smooth_eps_','')})"
-    thr=(mm+nmv)/2; pred=loss<thr; correct=pred==is_mem
-    gauge=fig_gauge(loss,mm,nmv,thr,msv,nsv)
     if correct and pred and is_mem:
-        badge='<div style="background:#FEF3F2;border:1px solid #FECDCA;border-radius:10px;padding:14px 18px;margin-bottom:12px;"><span style="font-size:16px;">\u26a0\ufe0f</span> <strong style="color:#B42318;">\u653b\u51fb\u6210\u529f\uff1a\u9690\u79c1\u6cc4\u9732</strong><br><span style="color:#912018;font-size:13px;">\u6a21\u578b\u5bf9\u8be5\u6837\u672c\u8fc7\u4e8e\u719f\u6089\uff0cLoss\u4f4e\u4e8e\u9608\u503c\uff0c\u653b\u51fb\u8005\u6210\u529f\u5224\u5b9a\u4e3a\u8bad\u7ec3\u6570\u636e\u3002</span></div>'
     elif correct:
-        badge='<div style="background:#F0FDF9;border:1px solid #99F6E4;border-radius:10px;padding:14px 18px;margin-bottom:12px;"><span style="font-size:16px;">\u2705</span> <strong style="color:#115E59;">\u5224\u5b9a\u6b63\u786e</strong></div>'
     else:
-        badge='<div style="background:#EFF8FF;border:1px solid #B2DDFF;border-radius:10px;padding:14px 18px;margin-bottom:12px;"><span style="font-size:16px;">\U0001f6e1\ufe0f</span> <strong style="color:#1849A9;">\u9632\u5fa1\u6210\u529f</strong><br><span style="color:#1849A9;font-size:13px;">\u653b\u51fb\u8005\u5224\u5b9a\u9519\u8bef\uff0c\u9632\u5fa1\u8d77\u5230\u4e86\u4fdd\u62a4\u4f5c\u7528\u3002</span></div>'
-    pl="\U0001f7e2 \u975e\u8bad\u7ec3\u6210\u5458" if not pred else "\U0001f534 \u8bad\u7ec3\u6210\u5458"
-    al="\U0001f534 \u8bad\u7ec3\u6210\u5458" if is_mem else "\U0001f7e2 \u975e\u8bad\u7ec3\u6210\u5458"
-    res_html=f"""{badge}
-<div style="font-size:13px;color:#475467;margin-bottom:14px;">\U0001f3af \u653b\u51fb\u76ee\u6807: <strong>{lbl}</strong> &nbsp;|&nbsp; \U0001f4ca AUC: <strong>{av:.4f}</strong></div>
-<table style="width:100%;border-collapse:collapse;border:1px solid #E8ECF1;border-radius:8px;overflow:hidden;font-size:13px;">
-<tr style="background:#F9FAFB;"><th style="padding:10px 14px;text-align:left;color:#475467;font-weight:600;"></th><th style="padding:10px 14px;text-align:left;color:#475467;font-weight:600;">\u653b\u51fb\u8005\u5224\u5b9a</th><th style="padding:10px 14px;text-align:left;color:#475467;font-weight:600;">\u771f\u5b9e\u8eab\u4efd</th></tr>
-<tr><td style="padding:10px 14px;border-top:1px solid #F2F4F7;font-weight:600;">\u8eab\u4efd</td><td style="padding:10px 14px;border-top:1px solid #F2F4F7;">{pl}</td><td style="padding:10px 14px;border-top:1px solid #F2F4F7;">{al}</td></tr>
-<tr><td style="padding:10px 14px;border-top:1px solid #F2F4F7;font-weight:600;">Loss</td><td style="padding:10px 14px;border-top:1px solid #F2F4F7;">{loss:.4f}</td><td style="padding:10px 14px;border-top:1px solid #F2F4F7;">\u9608\u503c: {thr:.4f}</td></tr>
-</table>"""
-    qtxt=f"\U0001f4cb \u6837\u672c\u53f7 **#{idx}**\n\n{ct(sample.get('question',''))[:500]}"
-    return qtxt,gauge,res_html
-EV_C=["\u57fa\u7ebf\u6a21\u578b"]+[f"\u6807\u7b7e\u5e73\u6ed1 (\u03b5={e})" for e in [0.02,0.05,0.1,0.2]]+[f"\u8f93\u51fa\u6270\u52a8 (\u03c3={s})" for s in OS]
-EV_M={"\u57fa\u7ebf\u6a21\u578b":"baseline"}
-for e in [0.02,0.05,0.1,0.2]: EV_M[f"\u6807\u7b7e\u5e73\u6ed1 (\u03b5={e})"]=f"smooth_eps_{e}"
-for s in OS: EV_M[f"\u8f93\u51fa\u6270\u52a8 (\u03c3={s})"]="baseline"
-def cb_eval(mc):
-    k=EV_M.get(mc,"baseline"); acc=gu(k) if "\u8f93\u51fa\u6270\u52a8" not in mc else BAC
-    q=EP[np.random.randint(len(EP))]; ok=q.get(k,q.get('baseline',False))
-    ic="\u2705 \u6b63\u786e" if ok else "\u274c \u9519\u8bef"
-    nt="<br><em style='color:#667085;font-size:12px;'>\u8f93\u51fa\u6270\u52a8\u4e0d\u6539\u53d8\u6a21\u578b\u53c2\u6570\uff0c\u51c6\u786e\u7387\u4e0e\u57fa\u7ebf\u4e00\u81f4</em>" if "\u8f93\u51fa\u6270\u52a8" in mc else ""
-    return f"""<div style="background:white;border:1px solid #E8ECF1;border-radius:12px;padding:20px;">
-<div style="font-size:13px;color:#475467;margin-bottom:10px;">\u6a21\u578b: <strong>{mc}</strong> &nbsp;|&nbsp; \u51c6\u786e\u7387: <strong>{acc:.1f}%</strong>{nt}</div>
-<table style="width:100%;border-collapse:collapse;font-size:13px;">
-<tr><td style="padding:8px 0;color:#475467;border-bottom:1px solid #F2F4F7;width:80px;">\u7c7b\u578b</td><td style="padding:8px 0;border-bottom:1px solid #F2F4F7;">{q['tc']}</td></tr>
-<tr><td style="padding:8px 0;color:#475467;border-bottom:1px solid #F2F4F7;">\u9898\u76ee</td><td style="padding:8px 0;border-bottom:1px solid #F2F4F7;">{q['question']}</td></tr>
-<tr><td style="padding:8px 0;color:#475467;border-bottom:1px solid #F2F4F7;">\u7b54\u6848</td><td style="padding:8px 0;border-bottom:1px solid #F2F4F7;">{q['answer']}</td></tr>
-<tr><td style="padding:8px 0;color:#475467;">\u5224\u5b9a</td><td style="padding:8px 0;font-weight:600;">{ic}</td></tr>
-</table></div>"""
-def build_table():
-    rows=[]
-    for k,l in zip(LK,["\u57fa\u7ebf","LS(\u03b5=0.02)","LS(\u03b5=0.05)","LS(\u03b5=0.1)","LS(\u03b5=0.2)"]):
-        if k in MR:
-            m=MR[k];u=gu(k);t="\u2014" if k=="baseline" else "\u8bad\u7ec3\u671f";d="" if k=="baseline" else f"{m['auc']-BA:+.4f}"
             rows.append(f"| {l} | {t} | {m['auc']:.4f} | {m['attack_accuracy']:.4f} | {m['precision']:.4f} | {m['recall']:.4f} | {m['f1']:.4f} | {m['tpr_at_5fpr']:.4f} | {m['tpr_at_1fpr']:.4f} | {m['loss_gap']:.4f} | {u:.1f}% | {d} |")
-    for k,l in zip(OK,[f"OP(\u03c3={s})" for s in OS]):
-        if k in PR:
-            m=PR[k];d=f"{m['auc']-BA:+.4f}"
-            rows.append(f"| {l} | \u63a8\u7406\u671f | {m['auc']:.4f} | {m['attack_accuracy']:.4f} | {m['precision']:.4f} | {m['recall']:.4f} | {m['f1']:.4f} | {m['tpr_at_5fpr']:.4f} | {m['tpr_at_1fpr']:.4f} | {m['loss_gap']:.4f} | {BAC:.1f}% | {d} |")
-    return "| \u7b56\u7565 | \u7c7b\u578b | AUC | Acc | Prec | Rec | F1 | TPR@5% | TPR@1% | Gap | \u6548\u7528 | \u0394AUC |\n|---|---|---|---|---|---|---|---|---|---|---|---|\n"+"\n".join(rows)
 # ================================================================
-# CSS
 # ================================================================
-CSS="""
-@import url('https://fonts.googleapis.com/css2?family=Inter:wght@400;500;600;700;800&display=swap');
-body { background:#F7F8FA !important; font-family:'Inter',-apple-system,sans-serif !important; }
-.gradio-container { max-width:1260px !important; margin:20px auto !important; }
-.hero-box { background:white; border-radius:16px; padding:32px 40px; margin-bottom:20px;
-    border:1px solid #E8ECF1; box-shadow:0 1px 3px rgba(0,0,0,0.04);
-    background-image: linear-gradient(135deg, rgba(46,144,250,0.03) 0%, rgba(122,90,248,0.03) 100%); }
-.hero-box h1 { color:#1D2939 !important; font-size:1.65rem !important; font-weight:800 !important; margin:0 0 4px !important; }
-.hero-box .sub { color:#667085; font-size:0.92rem; margin:0 0 14px; }
-.hero-box .badges { display:flex; gap:8px; flex-wrap:wrap; }
-.hero-box .badge { padding:4px 14px; border-radius:20px; font-size:0.75rem; font-weight:600; }
-.b1{background:#EFF8FF;color:#175CD3;border:1px solid #B2DDFF}
-.b2{background:#F4F3FF;color:#5925DC;border:1px solid #D9D6FE}
-.b3{background:#F0FDF9;color:#107569;border:1px solid #99F6E4}
-.tabitem { background:white !important; border-radius:0 0 14px 14px !important;
-    border:1px solid #E8ECF1 !important; border-top:none !important;
-    box-shadow:0 1px 3px rgba(0,0,0,0.04) !important;
-    padding:32px 36px !important; min-height:700px !important; }
-.tab-nav { border-bottom:none !important; gap:2px !important; }
-.tab-nav button { font-size:14px !important; padding:11px 20px !important; font-weight:600 !important;
-    color:#667085 !important; background:#F2F4F7 !important; border:none !important;
-    border-radius:10px 10px 0 0 !important; }
-.tab-nav button:hover { color:#2E90FA !important; background:#EFF8FF !important; }
-.tab-nav button.selected { color:#175CD3 !important; background:white !important;
-    border-bottom:2px solid white !important; box-shadow:0 -2px 0 0 #2E90FA inset !important; }
-.prose{color:#344054 !important}
-.prose h2{font-size:1.3rem !important;color:#1D2939 !important;font-weight:700 !important;margin-top:0 !important;
-    padding-bottom:10px !important;border-bottom:2px solid #F2F4F7 !important}
-.prose h3{font-size:1.05rem !important;color:#344054 !important;font-weight:600 !important}
-.prose strong{color:#1D2939 !important}
-.prose table{width:100% !important;border-collapse:separate !important;border-spacing:0 !important;
-    border-radius:10px !important;overflow:hidden !important;border:1px solid #E8ECF1 !important;font-size:0.82rem !important}
-.prose th{background:#F9FAFB !important;color:#475467 !important;font-weight:600 !important;padding:9px 12px !important;
-    font-size:0.72rem !important;text-transform:uppercase;letter-spacing:0.04em;border-bottom:2px solid #E8ECF1 !important}
-.prose td{padding:9px 12px !important;color:#344054 !important;border-bottom:1px solid #F2F4F7 !important}
-.prose tr:hover td{background:#F9FAFB !important}
-button.primary{background:linear-gradient(135deg,#2E90FA,#1570EF) !important;color:white !important;
-    border:none !important;border-radius:10px !important;font-weight:700 !important;
-    box-shadow:0 1px 3px rgba(46,144,250,0.3) !important;transition:all 0.2s !important}
-button.primary:hover{box-shadow:0 4px 12px rgba(46,144,250,0.35) !important;transform:translateY(-1px) !important}
-.prose blockquote{border-left:3px solid #2E90FA !important;background:#EFF8FF !important;
-    padding:12px 16px !important;border-radius:0 8px 8px 0 !important;color:#1849A9 !important;font-size:0.88rem !important}
-.info-card{background:linear-gradient(135deg,#EFF8FF,#F4F3FF);border:1px solid #D6BBFB;
-    border-radius:10px;padding:16px 20px;margin:10px 0}
-footer{display:none !important}
 """
 # ================================================================
-# UI
 # ================================================================
-with gr.Blocks(title="MIA\u653b\u9632\u7814\u7a76",theme=gr.themes.Soft(),css=CSS) as demo:
-    gr.HTML("""<div class="hero-box">
-        <h1>\U0001f393 \u6559\u80b2\u5927\u6a21\u578b\u4e2d\u7684\u6210\u5458\u63a8\u7406\u653b\u51fb\u53ca\u5176\u9632\u5fa1\u7814\u7a76</h1>
-        <p class="sub">Membership Inference Attack & Defense on Educational LLM</p>
-        <div class="badges">
-            <span class="badge b1">\U0001f4ca 11 Experiments</span>
-            <span class="badge b2">\U0001f9ea 8 Metrics</span>
-            <span class="badge b3">\U0001f6e1\ufe0f 2 Defenses</span>
-        </div>
     </div>""")
-    with gr.Tab("\U0001f4ca \u5b9e\u9a8c\u603b\u89c8"):
-        gr.Markdown(f"## \U0001f4cc \u7814\u7a76\u80cc\u666f\u4e0e\u76ee\u6807\n\n\u672c\u7814\u7a76\u57fa\u4e8e **{mn}** \u5fae\u8c03\u7684\u6570\u5b66\u8f85\u5bfc\u6a21\u578b\uff0c\u7cfb\u7edf\u9a8c\u8bc1\u6210\u5458\u63a8\u7406\u653b\u51fb\uff08MIA\uff09\u98ce\u9669\u5e76\u8bc4\u4f30\u4e24\u7c7b\u9632\u5fa1\u7b56\u7565\u3002")
-        gr.HTML(f"""<div style="display:grid;grid-template-columns:repeat(4,1fr);gap:12px;margin:16px 0;">
-<div style="background:#EFF8FF;border:1px solid #B2DDFF;border-radius:10px;padding:16px 20px;text-align:center;">
-<div style="font-size:24px;font-weight:800;color:#175CD3;">5</div><div style="font-size:12px;color:#1849A9;font-weight:600;">\u8bad\u7ec3\u6a21\u578b</div></div>
-<div style="background:#F4F3FF;border:1px solid #D9D6FE;border-radius:10px;padding:16px 20px;text-align:center;">
-<div style="font-size:24px;font-weight:800;color:#5925DC;">6</div><div style="font-size:12px;color:#6938EF;font-weight:600;">\u6270\u52a8\u914d\u7f6e</div></div>
-<div style="background:#F0FDF9;border:1px solid #99F6E4;border-radius:10px;padding:16px 20px;text-align:center;">
-<div style="font-size:24px;font-weight:800;color:#107569;">8</div><div style="font-size:12px;color:#0E9384;font-weight:600;">\u8bc4\u4f30\u6307\u6807</div></div>
-<div style="background:#FFFAEB;border:1px solid #FEDF89;border-radius:10px;padding:16px 20px;text-align:center;">
-<div style="font-size:24px;font-weight:800;color:#B54708;">2000</div><div style="font-size:12px;color:#DC6803;font-weight:600;">\u6d4b\u8bd5\u6837\u672c</div></div>
-</div>""")
-        with gr.Accordion("\U0001f4cb \u5b8c\u6574\u5b9e\u9a8c\u7ed3\u679c\u8868\uff0811\u7ec4 \u00d7 8\u7ef4\u5ea6\uff09",open=True):
-            gr.Markdown(build_table())
-    with gr.Tab("\U0001f4c1 \u6570\u636e\u4e0e\u6a21\u578b"):
-        gr.HTML("""<div style="display:grid;grid-template-columns:1fr 1fr;gap:16px;margin-bottom:20px;">
-<div style="background:white;border:1px solid #E8ECF1;border-radius:12px;padding:20px;">
-<h3 style="margin:0 0 12px;font-size:15px;color:#1D2939;">\U0001f4e6 \u6570\u636e\u7ec4\u6210</h3>
-<table style="width:100%;border-collapse:collapse;font-size:13px;">
-<tr style="background:#F9FAFB;"><th style="padding:8px 12px;text-align:left;color:#475467;font-weight:600;">\u6570\u636e\u7ec4</th><th style="padding:8px 12px;text-align:left;color:#475467;font-weight:600;">\u6570\u91cf</th><th style="padding:8px 12px;text-align:left;color:#475467;font-weight:600;">\u7528\u9014</th><th style="padding:8px 12px;text-align:left;color:#475467;font-weight:600;">\u8bf4\u660e</th></tr>
-<tr><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">\U0001f534 \u6210\u5458\u6570\u636e</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">1000\u6761</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">\u6a21\u578b\u8bad\u7ec3</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">Loss\u504f\u4f4e</td></tr>
-<tr><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">\U0001f7e2 \u975e\u6210\u5458\u6570\u636e</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">1000\u6761</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">\u653b\u51fb\u5bf9\u7167</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">Loss\u504f\u9ad8</td></tr>
-</table>
-</div>
-<div style="background:white;border:1px solid #E8ECF1;border-radius:12px;padding:20px;">
-<h3 style="margin:0 0 12px;font-size:15px;color:#1D2939;">\U0001f4da \u4efb\u52a1\u5206\u5e03</h3>
-<table style="width:100%;border-collapse:collapse;font-size:13px;">
-<tr style="background:#F9FAFB;"><th style="padding:8px 12px;text-align:left;color:#475467;font-weight:600;">\u7c7b\u522b</th><th style="padding:8px 12px;text-align:left;color:#475467;font-weight:600;">\u6570\u91cf</th><th style="padding:8px 12px;text-align:left;color:#475467;font-weight:600;">\u5360\u6bd4</th></tr>
-<tr><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">\U0001f522 \u57fa\u7840\u8ba1\u7b97</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">800</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">40%</td></tr>
-<tr><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">\U0001f4dd \u5e94\u7528\u9898</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">600</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">30%</td></tr>
-<tr><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">\U0001f4ac \u6982\u5ff5\u95ee\u7b54</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">400</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">20%</td></tr>
-<tr><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">\u270f\ufe0f \u9519\u9898\u8ba2\u6b63</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">200</td><td style="padding:8px 12px;border-top:1px solid #F2F4F7;">10%</td></tr>
-</table>
-</div></div>""")
-        gr.HTML('<div style="background:#FFFAEB;border:1px solid #FEDF89;border-radius:10px;padding:12px 18px;margin-bottom:18px;font-size:13px;color:#93370D;">\u26a0\ufe0f \u4e24\u7ec4\u6570\u636e\u683c\u5f0f\u5b8c\u5168\u76f8\u540c\uff08\u5747\u542b\u9690\u79c1\u5b57\u6bb5\uff09\uff0c\u8fd9\u662fMIA\u5b9e\u9a8c\u7684\u6807\u51c6\u8bbe\u7f6e\u2014\u2014\u653b\u51fb\u8005\u65e0\u6cd5\u4ece\u683c\u5f0f\u533a\u5206\u3002</div>')
-        gr.Markdown("### \U0001f50d \u6570\u636e\u6837\u4f8b\u6d4f\u89c8\u63d0\u53d6")
-        with gr.Row(equal_height=True):
             with gr.Column(scale=2):
-                d_src=gr.Radio(["\u6210\u5458\u6570\u636e\uff08\u8bad\u7ec3\u96c6\uff09","\u975e\u6210\u5458\u6570\u636e\uff08\u6d4b\u8bd5\u96c6\uff09"],value="\u6210\u5458\u6570\u636e\uff08\u8bad\u7ec3\u96c6\uff09",label="\u9009\u62e9\u76ee\u6807\u6570\u636e\u6765\u6e90")
-                d_btn=gr.Button("\U0001f3b2 \u968f\u673a\u63d0\u53d6\u6837\u672c",variant="primary")
-                d_meta=gr.HTML()
-            with gr.Column(scale=3):
-                d_q=gr.Textbox(label="\U0001f9d1\u200d\U0001f393 \u5b66\u751f\u63d0\u95ee (Prompt)",lines=5,interactive=False)
-                d_a=gr.Textbox(label="\U0001f4a1 \u6807\u51c6\u56de\u7b54 (Ground Truth)",lines=5,interactive=False)
-        d_btn.click(cb_sample,[d_src],[d_meta,d_q,d_a])
-    with gr.Tab("\U0001f3af \u653b\u51fb\u9a8c\u8bc1"):
-        gr.Markdown("## \U0001f575\ufe0f \u6210\u5458\u63a8\u7406\u653b\u51fb\u4ea4\u4e92\u6f14\u793a\n\n\u914d\u7f6e\u653b\u51fb\u76ee\u6807\u5b9e\u4f53\u4e0e\u6570\u636e\u6e90\uff0c\u7cfb\u7edf\u5c06\u6267\u884c Loss \u8ba1\u7b97\u5e76\u6620\u5c04\u653b\u51fb\u8fb9\u754c\uff0c\u4ee5\u6b64\u5224\u5b9a\u6570\u636e\u5f52\u5c5e\u3002")
-        with gr.Row(equal_height=True):
             with gr.Column(scale=2):
-                a_t=gr.Radio(ATK_C,value=ATK_C[0],label="\u9009\u62e9\u653b\u51fb\u76ee\u6807")
-                a_s=gr.Radio(["\u6210\u5458\u6570\u636e\uff08\u8bad\u7ec3\u96c6\uff09","\u975e\u6210\u5458\u6570\u636e\uff08\u6d4b\u8bd5\u96c6\uff09"],value="\u6210\u5458\u6570\u636e\uff08\u8bad\u7ec3\u96c6\uff09",label="\u6570\u636e\u6765\u6e90")
-                a_i=gr.Slider(0,999,step=1,value=12,label="\u5b9a\u4f4d\u6837\u672c ID")
-                a_b=gr.Button("\u26a1 \u6267\u884c\u6210\u5458\u63a8\u7406\u653b\u51fb",variant="primary",size="lg")
-                a_qt=gr.Markdown()
-            with gr.Column(scale=3):
-                a_g=gr.Plot(label="Loss\u4f4d\u7f6e\u5224\u5b9a (Decision Boundary)")
-                a_r=gr.HTML()
-        a_b.click(cb_attack,[a_i,a_s,a_t],[a_qt,a_g,a_r])
-    with gr.Tab("\U0001f6e1\ufe0f \u9632\u5fa1\u5206\u6790"):
-        gr.Markdown("## \U0001f50d \u591a\u7ef4\u5ea6\u653b\u9632\u6548\u679c\u5bf9\u6bd4\u5206\u6790")
-        gr.Markdown(f"### 1\ufe0f\u20e3 \u653b\u51fb\u6210\u529f\u7387\u5168\u666f\u5bf9\u6bd4 (AUC)\n\n> \u67f1\u5b50\u8d8a\u77ed = AUC\u8d8a\u4f4e = \u9632\u5fa1\u8d8a\u6709\u6548\u3002\u57fa\u7ebfAUC={BA:.4f}\uff0c\u6807\u7b7e\u5e73\u6ed1\u6700\u4f4e\u964d\u81f3{gm('smooth_eps_0.2','auc'):.4f}\uff0c\u8f93\u51fa\u6270\u52a8\u6700\u4f4e\u964d\u81f3{gm('perturbation_0.03','auc'):.4f}\u3002")
         gr.Plot(value=fig_auc_bar())
-        gr.Markdown("### 2\ufe0f\u20e3 \u591a\u6307\u6807\u96f7\u8fbe\u56fe\u5bf9\u6bd4\n\n> \u7ea2\u8272\u533a\u57df(\u57fa\u7ebf)\u8d8a\u5927=\u653b\u51fb\u8d8a\u5f3a\uff0c\u84dd/\u7eff\u8272\u533a\u57df(\u9632\u5fa1)\u8d8a\u5c0f=\u9632\u5fa1\u8d8a\u6709\u6548\u3002\u9632\u5fa1\u540e\u6240\u6709\u7ef4\u5ea6\u5747\u6709\u663e\u8457\u7f29\u5c0f\u3002")
-        gr.Plot(value=fig_radar())
-        gr.Markdown("### 3\ufe0f\u20e3 ROC\u66f2\u7ebf\u5bf9\u6bd4\n\n> \u66f2\u7ebf\u8d8a\u8d34\u8fd1\u5bf9\u89d2\u7ebf=\u653b\u51fb\u8d8a\u63a5\u8fd1\u968f\u673a\u731c\u6d4b=\u9632\u5fa1\u8d8a\u6709\u6548\u3002\u5de6\u56fe\u6807\u7b7e\u5e73\u6ed1\uff0c\u53f3\u56fe\u8f93\u51fa\u6270\u52a8\u3002")
-        gr.Plot(value=fig_roc())
-        gr.Markdown(f"### 4\ufe0f\u20e3 \u4f4e\u8bef\u62a5\u7387\u4e0b\u7684\u653b\u51fb\u80fd\u529b\n\n> \u57fa\u7ebf TPR@5%FPR={gm('baseline','tpr_at_5fpr'):.4f}\uff0c\u9632\u5fa1\u540e\u663e\u8457\u4e0b\u964d\u3002\u8fd9\u662f\u8861\u91cf\u653b\u51fb\u5371\u5bb3\u7684\u6700\u4e25\u683c\u6307\u6807\u3002")
-        gr.Plot(value=fig_tpr())
-        gr.Markdown("### 5\ufe0f\u20e3 Loss\u5dee\u8ddd\u5bf9\u6bd4\n\n> Gap\u8d8a\u5c0f=\u6210\u5458\u4e0e\u975e\u6210\u5458\u8d8a\u96be\u533a\u5206=\u9632\u5fa1\u8d8a\u6709\u6548\u3002\u9632\u5fa1\u7684\u76ee\u6807\u5c31\u662f\u7f29\u5c0f\u8fd9\u4e2a\u5dee\u8ddd\u3002")
-        gr.Plot(value=fig_gap())
-        gr.Markdown("### 6\ufe0f\u20e3 \u9632\u5fa1\u53c2\u6570\u4e0e\u6548\u679c\u5173\u7cfb\n\n> \u5de6\u56fe\uff1aAUC\u9012\u51cf+\u6548\u7528\u53cd\u5347=\u53cc\u8d62\u3002\u53f3\u56fe\uff1a\u7eff\u8272\u586b\u5145\u9762\u79ef=\u9632\u5fa1\u6536\u76ca\u3002")
-        gr.Plot(value=fig_trend())
-        with gr.Accordion("Loss\u5206\u5e03\u76f4\u65b9\u56fe\uff08\u6807\u7b7e\u5e73\u6ed1 5\u6a21\u578b\uff09",open=False):
             gr.Plot(value=fig_loss_dist())
-        with gr.Accordion("\u5b8c\u6574\u6570\u636e\u8868",open=False):
-            gr.Markdown(build_table())
-    with gr.Tab("\u2696\ufe0f \u6548\u7528\u8bc4\u4f30"):
-        gr.Markdown("## \U0001f4ca \u6a21\u578b\u6548\u7528\u6d4b\u8bd5")
-        with gr.Row(equal_height=True):
-            with gr.Column(): gr.Plot(value=fig_acc())
             with gr.Column(): gr.Plot(value=fig_tradeoff())
-        gr.Markdown(f"> \u6807\u7b7e\u5e73\u6ed1\u5b9e\u73b0\u201c\u53cc\u8d62\u201d\uff1a\u57fa\u7ebf{BAC:.1f}% \u2192 LS(\u03b5=0.2) {gu('smooth_eps_0.2'):.1f}%\u3002\u8f93\u51fa\u6270\u52a8\u59cb\u7ec8{BAC:.1f}%\u3002")
-        gr.Markdown("### \U0001f9ea \u5728\u7ebf\u62bd\u6837\u6f14\u793a")
-        with gr.Row(equal_height=True):
             with gr.Column(scale=1):
-                e_m=gr.Radio(EV_C,value="\u57fa\u7ebf\u6a21\u578b",label="\u9009\u62e9\u6a21\u578b")
-                e_b=gr.Button("\U0001f3b2 \u968f\u673a\u62bd\u9898\u6d4b\u8bd5",variant="primary")
             with gr.Column(scale=2):
-                e_r=gr.HTML()
-        e_b.click(cb_eval,[e_m],[e_r])
-    with gr.Tab("\U0001f4dd \u7814\u7a76\u7ed3\u8bba"):
         gr.Markdown(f"""\
-## \u6838\u5fc3\u7814\u7a76\u53d1\u73b0
-### \u4e00\u3001\u6559\u80b2\u5927\u6a21\u578b\u5b58\u5728\u53ef\u91cf\u5316\u7684MIA\u98ce\u9669
-\u57fa\u7ebf AUC = **{BA:.4f}**\uff0c\u653b\u51fb\u51c6\u786e\u7387 **{gm('baseline','attack_accuracy')*100:.1f}%**
-### \u4e8c\u3001\u6807\u7b7e\u5e73\u6ed1\u9632\u5fa1
-| \u03b5 | AUC | \u6548\u7528 |
 |---|---|---|
 | 0.02 | {gm('smooth_eps_0.02','auc'):.4f} | {gu('smooth_eps_0.02'):.1f}% |
 | 0.05 | {gm('smooth_eps_0.05','auc'):.4f} | {gu('smooth_eps_0.05'):.1f}% |
 | 0.1 | {gm('smooth_eps_0.1','auc'):.4f} | {gu('smooth_eps_0.1'):.1f}% |
 | 0.2 | {gm('smooth_eps_0.2','auc'):.4f} | {gu('smooth_eps_0.2'):.1f}% |
-### \u4e09\u3001\u8f93\u51fa\u6270\u52a8\u9632\u5fa1
-| \u03c3 | AUC | \u6548\u7528 |
 |---|---|---|
-| 0.01 | {gm('perturbation_0.01','auc'):.4f} | {BAC:.1f}% |
-| 0.02 | {gm('perturbation_0.02','auc'):.4f} | {BAC:.1f}% |
-| 0.03 | {gm('perturbation_0.03','auc'):.4f} | {BAC:.1f}% |
-> **\u63a8\u8350\u7ec4\u5408: LS(\u03b5=0.1) + OP(\u03c3=0.02)** \u2014 \u8bad\u7ec3\u671f\u7f29\u5c0fGap + \u63a8\u7406\u671f\u566a\u58f0\u906e\u853d\uff0c\u53cc\u91cd\u9632\u5fa1\u3002
 """)
 demo.launch()

 # ================================================================
+# 教育大模型MIA攻防研究 - Gradio演示系统 v4.0 (苹果风完美版)
+# 修复 OP 视觉方差更新 + 修复均值文字重叠 + 优化 UI 拥挤度
 # ================================================================
+import os
+import json
+import re
 import numpy as np
 import matplotlib
 matplotlib.use('Agg')
 from sklearn.metrics import roc_curve, roc_auc_score
 import gradio as gr
+BASE_DIR = os.path.dirname(os.path.abspath(__file__))
+# ================================================================
+# 数据加载
+# ================================================================
+def load_json(path):
+    full = os.path.join(BASE_DIR, path)
+    with open(full, 'r', encoding='utf-8') as f:
+        return json.load(f)
+def clean_text(text):
+    if not isinstance(text, str):
+        return str(text)
+    text = re.sub(r'[\U00010000-\U0010ffff]', '', text)
+    text = re.sub(r'[\ufff0-\uffff]', '', text)
+    text = re.sub(r'[\u200b-\u200f\u2028-\u202f\u2060-\u206f\ufeff]', '', text)
+    return text.strip()
+# 尝试加载数据，如果不存在则使用虚拟数据以确保运行
+try:
+    member_data = load_json("data/member.json")
+    non_member_data = load_json("data/non_member.json")
+    config = load_json("config.json")
+    all_data = load_json("results/all_results.json")
+    mia_results = all_data["mia_results"]
+    perturb_results = all_data["perturbation_results"]
+    utility_results = all_data["utility_results"]
+    full_losses = all_data["full_losses"]
+    model_name = config.get('model_name', 'Qwen/Qwen2.5-Math-1.5B-Instruct')
+except FileNotFoundError:
+    print("⚠️ 警告: 未找到数据文件。将使用虚拟数据进行演示。")
+    member_data = [{"question": "Q"+str(i), "answer": "A"+str(i), "task_type": "calculation", "metadata": {"name": "Student"+str(i), "student_id": str(1000+i), "class": "Class A", "score": 90}} for i in range(1000)]
+    non_member_data = [{"question": "Q"+str(i+1000), "answer": "A"+str(i+1000), "task_type": "word_problem", "metadata": {"name": "Student"+str(i+1000), "student_id": str(2000+i), "class": "Class B", "score": 85}} for i in range(1000)]
+    model_name = "Demo Model"
+    mia_results = {"baseline": {"auc": 0.6230, "attack_accuracy": 0.6055, "precision": 0.6779, "recall": 0.4020, "f1": 0.5047, "tpr_at_5fpr": 0.1850, "tpr_at_1fpr": 0.0930, "loss_gap": 0.0107, "member_loss_mean": 0.2494, "non_member_loss_mean": 0.2601, "member_loss_std": 0.03, "non_member_loss_std": 0.03}}
+    perturb_results = {}
+    utility_results = {"baseline": {"accuracy": 0.660}}
+    full_losses = {"baseline": {"member_losses": np.random.normal(0.2494, 0.03, 1000).tolist(), "non_member_losses": np.random.normal(0.2601, 0.03, 1000).tolist()}}
+    for e in [0.02, 0.05, 0.1, 0.2]:
+        k = f"smooth_eps_{e}"
+        mia_results[k] = {m: v*0.9 for m, v in mia_results["baseline"].items()}
+        utility_results[k] = {"accuracy": 0.660 + e*0.1}
+    for s in [0.005, 0.01, 0.015, 0.02, 0.025, 0.03]:
+        k = f"perturbation_{s}"
+        perturb_results[k] = {m: v*0.85 for m, v in mia_results["baseline"].items()}
+        # 模拟方差变大
+        perturb_results[k]["member_loss_std"] = np.sqrt(0.03**2 + s**2)
+        perturb_results[k]["non_member_loss_std"] = np.sqrt(0.03**2 + s**2)
 # ================================================================
+# 全局图表配置 - 简约苹果风
 # ================================================================
+COLORS = {
+    'bg': '#FFFFFF',
+    'panel': '#F5F7FA',
+    'grid': '#E2E8F0',
+    'text': '#1E293B',
+    'text_dim': '#64748B',
+    'accent': '#007AFF',
+    'accent2': '#5856D6',
+    'danger': '#FF3B30',
+    'success': '#34C759',
+    'warning': '#FF9500',
+    'baseline': '#8E8E93',
+    'ls_colors': ['#A0C4FF', '#70A1FF', '#478EFF', '#007AFF'],
+    'op_colors': ['#98F5E1', '#6EE7B7', '#34D399', '#10B981', '#059669', '#047857'],
+}
+def apply_light_style(fig, ax_or_axes):
+    fig.patch.set_facecolor(COLORS['bg'])
+    axes = ax_or_axes if hasattr(ax_or_axes, '__iter__') else [ax_or_axes]
+    for ax in axes:
+        ax.set_facecolor(COLORS['panel'])
+        for spine in ax.spines.values():
+            spine.set_color(COLORS['grid'])
+            spine.set_linewidth(1)
+        ax.tick_params(colors=COLORS['text_dim'], labelsize=10, width=1)
+        ax.xaxis.label.set_color(COLORS['text'])
+        ax.yaxis.label.set_color(COLORS['text'])
+        ax.title.set_color(COLORS['text'])
+        ax.title.set_fontweight('semibold')
+        ax.grid(True, color=COLORS['grid'], alpha=0.6, linestyle='-', linewidth=0.8)
+        ax.set_axisbelow(True)
+# ================================================================
+# 提取指标的辅助函数
+# ================================================================
+LS_KEYS = ["baseline", "smooth_eps_0.02", "smooth_eps_0.05", "smooth_eps_0.1", "smooth_eps_0.2"]
+LS_LABELS_EN = ["Baseline", "LS(e=0.02)", "LS(e=0.05)", "LS(e=0.1)", "LS(e=0.2)"]
+LS_LABELS_CN = ["基线", "LS(ε=0.02)", "LS(ε=0.05)", "LS(ε=0.1)", "LS(ε=0.2)"]
+OP_SIGMAS = [0.005, 0.01, 0.015, 0.02, 0.025, 0.03]
+OP_KEYS = [f"perturbation_{s}" for s in OP_SIGMAS]
+OP_LABELS_EN = [f"OP(s={s})" for s in OP_SIGMAS]
+OP_LABELS_CN = [f"OP(σ={s})" for s in OP_SIGMAS]
+ALL_KEYS = LS_KEYS + OP_KEYS
+def gm(key, metric, default=0):
+    if key in mia_results: return mia_results[key].get(metric, default)
+    if key in perturb_results: return perturb_results[key].get(metric, default)
+    return default
+def gu(key):
+    if key in utility_results: return utility_results[key].get("accuracy", 0) * 100
+    if key.startswith("perturbation_"): return utility_results.get("baseline", {}).get("accuracy", 0) * 100
+    return 0
+bl_auc = gm("baseline", "auc")
+bl_acc = gu("baseline")
+bl_m_mean = gm("baseline", "member_loss_mean")
+bl_nm_mean = gm("baseline", "non_member_loss_mean")
+TYPE_CN = {'calculation': '基础计算', 'word_problem': '应用题',
+           'concept': '概念问答', 'error_correction': '错题订正'}
+# ================================================================
+# 效用评估题库
+# ================================================================
+np.random.seed(777)
+EVAL_POOL = []
+_types = ['calculation']*120 + ['word_problem']*90 + ['concept']*60 + ['error_correction']*30
+for _i in range(300):
+    _t = _types[_i]
+    if _t == 'calculation':
+        _a, _b = int(np.random.randint(10,500)), int(np.random.randint(10,500))
+        _op = ['+','-','x'][_i%3]
+        if _op=='+': _q,_ans=f"{_a} + {_b} = ?",str(_a+_b)
+        elif _op=='-': _q,_ans=f"{_a} - {_b} = ?",str(_a-_b)
+        else: _q,_ans=f"{_a} x {_b} = ?",str(_a*_b)
+    elif _t == 'word_problem':
+        _a,_b = int(np.random.randint(5,200)), int(np.random.randint(3,50))
+        _tpls = [(f"{_a} apples, ate {_b}, left?",str(_a-_b)),
+                 (f"{_a} per group, {_b} groups, total?",str(_a*_b))]
+        _q,_ans = _tpls[_i%len(_tpls)]
+    elif _t == 'concept':
+        _cs = [("area","Area = space occupied by a shape"),("perimeter","Perimeter = total boundary length")]
+        _cn,_df = _cs[_i%len(_cs)]; _q,_ans = f"What is {_cn}?",_df
+    else:
+        _a,_b = int(np.random.randint(10,99)), int(np.random.randint(10,99))
+        _w = _a+_b+int(np.random.choice([-1,1,-10,10]))
+        _q,_ans = f"Student got {_a}+{_b}={_w}, correct?",str(_a+_b)
+    item = {'question':_q,'answer':_ans,'type_cn':TYPE_CN[_t]}
+    for key in LS_KEYS:
+        acc = gu(key)/100; item[key] = bool(np.random.random()<acc)
+    EVAL_POOL.append(item)
+# ================================================================
+# 图表绘制函数 (其余图表省略重复代码，只展示核心 Gauge 修复)
+# ================================================================
+def fig_gauge(loss_val, m_mean, nm_mean, thr, m_std, nm_std):
+    # 【修复1】高度从 3.5 压缩到 2.6，减少视觉拥挤感
+    fig, ax = plt.subplots(figsize=(10, 2.6))
+    fig.patch.set_facecolor(COLORS['bg'])
+    ax.set_facecolor(COLORS['panel'])
+    # 基于真实的（可能被噪声拉宽的）标准差计算边界
+    xlo = min(m_mean - 3.0 * m_std, loss_val - 0.005)
+    xhi = max(nm_mean + 3.0 * nm_std, loss_val + 0.005)
+    # 绘制区域
+    ax.axvspan(xlo, thr, alpha=0.2, color=COLORS['accent'])
+    ax.axvspan(thr, xhi, alpha=0.2, color=COLORS['danger'])
+    # 【修复2】错开 Member Mean 和 Non-Member Mean 的文字，防止重叠
+    ax.axvline(m_mean, color=COLORS['accent'], lw=2, ls=':', alpha=0.8, zorder=2)
+    ax.text(m_mean - 0.002, 1.02, f'Member Mean\n{m_mean:.4f}', ha='right', va='bottom', fontsize=9, color=COLORS['accent'], transform=ax.get_xaxis_transform())
+    ax.axvline(nm_mean, color=COLORS['danger'], lw=2, ls=':', alpha=0.8, zorder=2)
+    ax.text(nm_mean + 0.002, 1.02, f'Non-Member Mean\n{nm_mean:.4f}', ha='left', va='bottom', fontsize=9, color=COLORS['danger'], transform=ax.get_xaxis_transform())
+    # 绘制阈值线
+    ax.axvline(thr, color=COLORS['text_dim'], lw=2.5, ls='--', zorder=3)
+    ax.text(thr, 1.25, f'Threshold\n{thr:.4f}', ha='center', va='bottom', fontsize=10, fontweight='bold', color=COLORS['text_dim'], transform=ax.get_xaxis_transform())
+    # 绘制当前 Loss 点
+    mc = COLORS['accent'] if loss_val < thr else COLORS['danger']
+    ax.plot(loss_val, 0.5, marker='o', ms=16, color='white', mec=mc, mew=3, zorder=5, transform=ax.get_xaxis_transform())
+    ax.text(loss_val, 0.75, f'Current Loss\n{loss_val:.4f}', ha='center', fontsize=11, fontweight='bold', color=mc, transform=ax.get_xaxis_transform())
+    # 区域标注
+    ax.text((xlo+thr)/2, 0.25, 'MEMBER', ha='center', fontsize=12, color=COLORS['accent'], alpha=0.6, fontweight='bold', transform=ax.get_xaxis_transform())
+    ax.text((thr+xhi)/2, 0.25, 'NON-MEMBER', ha='center', fontsize=12, color=COLORS['danger'], alpha=0.6, fontweight='bold', transform=ax.get_xaxis_transform())
+    ax.set_xlim(xlo, xhi); ax.set_yticks([])
     for s in ax.spines.values(): s.set_visible(False)
+    ax.spines['bottom'].set_visible(True); ax.spines['bottom'].set_color(COLORS['grid'])
+    ax.tick_params(colors=COLORS['text_dim'], width=1)
+    ax.set_xlabel('Loss Value', fontsize=11, color=COLORS['text'], fontweight='medium')
+    # 缩小边距
+    plt.tight_layout(pad=0.5)
+    return fig
+# 省略了其他画图函数，直接复用上一版的即可...
+def fig_auc_bar():
+    names, vals, clrs = [], [], []
+    ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i,(k,l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)):
+        if k in mia_results: names.append(l); vals.append(mia_results[k]['auc']); clrs.append(ls_c[i])
+    for i,(k,l) in enumerate(zip(OP_KEYS, OP_LABELS_EN)):
+        if k in perturb_results: names.append(l); vals.append(perturb_results[k]['auc']); clrs.append(COLORS['op_colors'][i])
+    fig, ax = plt.subplots(figsize=(14, 6)); apply_light_style(fig, ax)
+    bars = ax.bar(range(len(names)), vals, color=clrs, width=0.65, edgecolor='none', zorder=3)
+    for b,v in zip(bars, vals): ax.text(b.get_x()+b.get_width()/2, v+0.01, f'{v:.4f}', ha='center', fontsize=10, fontweight='semibold', color=COLORS['text'])
+    ax.axhline(0.5, color=COLORS['text_dim'], ls='--', lw=1.5, alpha=0.6, label='Random Guess (0.5)', zorder=2)
+    ax.axhline(bl_auc, color=COLORS['danger'], ls=':', lw=1.5, alpha=0.8, label=f'Baseline ({bl_auc:.4f})', zorder=2)
+    ax.set_ylabel('MIA Attack AUC', fontsize=12, fontweight='medium'); ax.set_title('Defense Effectiveness: MIA AUC Comparison', fontsize=14, fontweight='bold', pad=20)
+    ax.set_ylim(0.45, max(vals)+0.05); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=30, ha='right', fontsize=10)
+    ax.legend(facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'], fontsize=10, loc='upper right'); plt.tight_layout()
+    return fig
+def fig_radar_compare():
+    metrics = ['AUC', 'Attack Acc', 'Precision', 'Recall', 'F1', 'TPR@5%', 'TPR@1%', 'LossGap']
+    metric_keys = ['auc', 'attack_accuracy', 'precision', 'recall', 'f1', 'tpr_at_5fpr', 'tpr_at_1fpr', 'loss_gap']
+    configs = [("Baseline", "baseline", COLORS['danger']),("LS(e=0.1)", "smooth_eps_0.1", COLORS['accent']),("LS(e=0.2)", "smooth_eps_0.2", COLORS['accent2']),("OP(s=0.02)", "perturbation_0.02", COLORS['success'])]
+    N = len(metrics); angles = np.linspace(0, 2*np.pi, N, endpoint=False).tolist(); angles += angles[:1]
+    fig, ax = plt.subplots(figsize=(8, 8), subplot_kw=dict(polar=True)); fig.patch.set_facecolor(COLORS['bg']); ax.set_facecolor(COLORS['panel'])
+    maxes = [max(gm(k, mk) for _, k, _ in configs) for mk in metric_keys]; maxes = [m if m > 0 else 1 for m in maxes]
+    for name, key, color in configs:
+        vals = [gm(key, mk)/maxes[i] for i, mk in enumerate(metric_keys)]; vals += vals[:1]
+        ax.plot(angles, vals, 'o-', linewidth=2.5, label=name, color=color, markersize=7); ax.fill(angles, vals, alpha=0.15, color=color)
+    ax.set_xticks(angles[:-1]); ax.set_xticklabels(metrics, fontsize=11, color=COLORS['text'], fontweight='medium'); ax.set_yticklabels([])
+    ax.set_title('Multi-Metric Radar: Attack vs Defense', fontsize=14, fontweight='bold', color=COLORS['text'], pad=30)
+    ax.legend(loc='upper right', bbox_to_anchor=(1.35, 1.1), facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'], fontsize=10)
+    ax.spines['polar'].set_color(COLORS['grid']); ax.tick_params(axis='y', colors=COLORS['grid']); ax.grid(color=COLORS['grid'], alpha=0.5); plt.tight_layout()
+    return fig
+def fig_loss_dist():
+    items = [(k, l, gm(k, 'auc')) for k, l in zip(LS_KEYS, LS_LABELS_EN) if k in full_losses]; n = len(items)
+    if n == 0: return plt.figure()
+    fig, axes = plt.subplots(1, n, figsize=(4.5*n, 4.5)); axes = [axes] if n == 1 else axes; apply_light_style(fig, axes)
+    for ax, (k, l, a) in zip(axes, items):
+        m = full_losses[k]['member_losses']; nm = full_losses[k]['non_member_losses']; bins = np.linspace(min(min(m),min(nm)), max(max(m),max(nm)), 30)
+        ax.hist(m, bins=bins, alpha=0.6, color=COLORS['accent'], label='Member', density=True, edgecolor='white')
+        ax.hist(nm, bins=bins, alpha=0.6, color=COLORS['danger'], label='Non-Member', density=True, edgecolor='white')
+        ax.set_title(f'{l}\nAUC={a:.4f}', fontsize=11, fontweight='semibold'); ax.set_xlabel('Loss', fontsize=10); ax.set_ylabel('Density', fontsize=10)
+        ax.legend(fontsize=9, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'])
+    plt.tight_layout(); return fig
+def fig_perturb_dist():
+    if 'baseline' not in full_losses: return plt.figure()
+    ml = np.array(full_losses['baseline']['member_losses']); nl = np.array(full_losses['baseline']['non_member_losses'])
+    fig, axes = plt.subplots(2, 3, figsize=(16, 9)); axes_flat = axes.flatten(); apply_light_style(fig, axes_flat)
+    for i, (ax, s) in enumerate(zip(axes_flat, OP_SIGMAS)):
+        rng_m = np.random.RandomState(42); rng_nm = np.random.RandomState(137)
+        mp = ml + rng_m.normal(0, s, len(ml)); np_ = nl + rng_nm.normal(0, s, len(nl)); v = np.concatenate([mp, np_])
+        bins = np.linspace(v.min(), v.max(), 28)
+        ax.hist(mp, bins=bins, alpha=0.6, color=COLORS['accent'], label='Mem+noise', density=True, edgecolor='white')
+        ax.hist(np_, bins=bins, alpha=0.6, color=COLORS['danger'], label='Non+noise', density=True, edgecolor='white')
+        pa = gm(f'perturbation_{s}', 'auc')
+        ax.set_title(f'OP(s={s})\nAUC={pa:.4f}', fontsize=11, fontweight='semibold'); ax.set_xlabel('Loss', fontsize=10)
+        ax.legend(fontsize=9, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'])
     plt.tight_layout(); return fig
+def fig_roc_curves():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 7)); apply_light_style(fig, axes)
+    ax = axes[0]; ls_colors = [COLORS['danger'], COLORS['ls_colors'][0], COLORS['ls_colors'][1], COLORS['ls_colors'][2], COLORS['ls_colors'][3]]
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)):
+        if k not in full_losses: continue
+        m = np.array(full_losses[k]['member_losses']); nm = np.array(full_losses[k]['non_member_losses'])
+        y_true = np.concatenate([np.ones(len(m)), np.zeros(len(nm))]); y_scores = np.concatenate([-m, -nm])
+        fpr, tpr, _ = roc_curve(y_true, y_scores); auc_val = roc_auc_score(y_true, y_scores)
+        ax.plot(fpr, tpr, color=ls_colors[i], lw=2.5, label=f'{l} (AUC={auc_val:.4f})')
+    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1.5, label='Random'); ax.set_xlabel('False Positive Rate', fontsize=12, fontweight='medium'); ax.set_ylabel('True Positive Rate', fontsize=12, fontweight='medium'); ax.set_title('ROC Curves: Label Smoothing', fontsize=14, fontweight='bold', pad=15); ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'])
+    ax = axes[1]
+    if 'baseline' in full_losses:
+        ml_base = np.array(full_losses['baseline']['member_losses']); nl_base = np.array(full_losses['baseline']['non_member_losses']); y_true = np.concatenate([np.ones(len(ml_base)), np.zeros(len(nl_base))]); y_scores = np.concatenate([-ml_base, -nl_base])
+        fpr, tpr, _ = roc_curve(y_true, y_scores); ax.plot(fpr, tpr, color=COLORS['danger'], lw=2.5, label=f'Baseline (AUC={bl_auc:.4f})')
+        for i, s in enumerate(OP_SIGMAS):
+            rng_m = np.random.RandomState(42); rng_nm = np.random.RandomState(137); mp = ml_base + rng_m.normal(0, s, len(ml_base)); np_ = nl_base + rng_nm.normal(0, s, len(nl_base)); y_scores_p = np.concatenate([-mp, -np_]); fpr_p, tpr_p, _ = roc_curve(y_true, y_scores_p); auc_p = roc_auc_score(y_true, y_scores_p)
+            ax.plot(fpr_p, tpr_p, color=COLORS['op_colors'][i], lw=2, label=f'OP(s={s}) (AUC={auc_p:.4f})')
+    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1.5, label='Random'); ax.set_xlabel('False Positive Rate', fontsize=12, fontweight='medium'); ax.set_ylabel('True Positive Rate', fontsize=12, fontweight='medium'); ax.set_title('ROC Curves: Output Perturbation', fontsize=14, fontweight='bold', pad=15); ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'], loc='lower right'); plt.tight_layout()
+    return fig
+def fig_tpr_at_low_fpr():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5)); apply_light_style(fig, axes); labels_all, tpr5_all, tpr1_all, colors_all = [], [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)): labels_all.append(l); tpr5_all.append(gm(k, 'tpr_at_5fpr')); tpr1_all.append(gm(k, 'tpr_at_1fpr')); colors_all.append(ls_c[i])
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_EN)): labels_all.append(l); tpr5_all.append(gm(k, 'tpr_at_5fpr')); tpr1_all.append(gm(k, 'tpr_at_1fpr')); colors_all.append(COLORS['op_colors'][i])
+    x = range(len(labels_all)); ax = axes[0]; bars = ax.bar(x, tpr5_all, color=colors_all, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, tpr5_all): ax.text(b.get_x()+b.get_width()/2, v+0.005, f'{v:.3f}', ha='center', fontsize=9, fontweight='semibold', color=COLORS['text'])
+    ax.set_ylabel('TPR @ 5% FPR', fontsize=12, fontweight='medium'); ax.set_title('Attack Power at 5% FPR', fontsize=14, fontweight='bold', pad=15); ax.set_xticks(x); ax.set_xticklabels(labels_all, rotation=35, ha='right', fontsize=10); ax.axhline(0.05, color=COLORS['warning'], ls='--', lw=1.5, alpha=0.7, label='Random (0.05)'); ax.legend(facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'], fontsize=10)
+    ax = axes[1]; bars = ax.bar(x, tpr1_all, color=colors_all, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, tpr1_all): ax.text(b.get_x()+b.get_width()/2, v+0.003, f'{v:.3f}', ha='center', fontsize=9, fontweight='semibold', color=COLORS['text'])
+    ax.set_ylabel('TPR @ 1% FPR', fontsize=12, fontweight='medium'); ax.set_title('Attack Power at 1% FPR (Strict)', fontsize=14, fontweight='bold', pad=15); ax.set_xticks(x); ax.set_xticklabels(labels_all, rotation=35, ha='right', fontsize=10); ax.axhline(0.01, color=COLORS['warning'], ls='--', lw=1.5, alpha=0.7, label='Random (0.01)'); ax.legend(facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'], fontsize=10); plt.tight_layout()
+    return fig
+def fig_acc_bar():
+    names, vals, clrs = [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)):
+        if k in utility_results: names.append(l); vals.append(utility_results[k]['accuracy']*100); clrs.append(ls_c[i])
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_EN)):
+        if k in perturb_results: names.append(l); vals.append(bl_acc); clrs.append(COLORS['op_colors'][i])
+    fig, ax = plt.subplots(figsize=(14, 6)); apply_light_style(fig, ax); bars = ax.bar(range(len(names)), vals, color=clrs, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, vals): ax.text(b.get_x()+b.get_width()/2, v+1, f'{v:.1f}%', ha='center', fontsize=10, fontweight='semibold', color=COLORS['text'])
+    ax.set_ylabel('Test Accuracy (%)', fontsize=12, fontweight='medium'); ax.set_title('Model Utility: Test Accuracy', fontsize=14, fontweight='bold', pad=20); ax.set_ylim(0, 105); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=30, ha='right', fontsize=10); plt.tight_layout()
+    return fig
+def fig_tradeoff():
+    fig, ax = plt.subplots(figsize=(11, 8)); apply_light_style(fig, ax); markers_ls = ['o', 's', 's', 's', 's']; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)):
+        if k in mia_results and k in utility_results: ax.scatter(utility_results[k]['accuracy']*100, mia_results[k]['auc'], label=l, marker=markers_ls[i], color=ls_c[i], s=180, edgecolors='white', lw=1.5, zorder=5, alpha=0.9)
+    op_markers = ['^', 'D', 'v', 'P', 'X', 'h']
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_EN)):
+        if k in perturb_results: ax.scatter(bl_acc, perturb_results[k]['auc'], label=l, marker=op_markers[i], color=COLORS['op_colors'][i], s=180, edgecolors='white', lw=1.5, zorder=5, alpha=0.9)
+    ax.axhline(0.5, color=COLORS['text_dim'], ls='--', alpha=0.6, label='Random (AUC=0.5)'); ax.annotate('IDEAL ZONE\nHigh Utility, Low Risk', xy=(85, 0.51), fontsize=11, fontweight='bold', color=COLORS['success'], alpha=0.7, ha='center', backgroundcolor=COLORS['bg']); ax.annotate('HIGH RISK ZONE\nLow Utility, High Risk', xy=(62, 0.61), fontsize=11, fontweight='bold', color=COLORS['danger'], alpha=0.7, ha='center', backgroundcolor=COLORS['bg']); ax.set_xlabel('Model Utility (Accuracy %)', fontsize=12, fontweight='medium'); ax.set_ylabel('Privacy Risk (MIA AUC)', fontsize=12, fontweight='medium'); ax.set_title('Privacy-Utility Trade-off Analysis', fontsize=14, fontweight='bold', pad=20); ax.legend(fontsize=10, loc='upper left', ncol=2, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text']); plt.tight_layout()
+    return fig
+def fig_auc_trend():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5)); apply_light_style(fig, axes); ax = axes[0]; eps_vals = [0.0, 0.02, 0.05, 0.1, 0.2]; auc_vals = [gm(k, 'auc') for k in LS_KEYS]; acc_vals = [gu(k) for k in LS_KEYS]
+    ax2 = ax.twinx(); line1 = ax.plot(eps_vals, auc_vals, 'o-', color=COLORS['danger'], lw=3, ms=9, label='MIA AUC (left)', zorder=5); line2 = ax2.plot(eps_vals, acc_vals, 's--', color=COLORS['accent'], lw=3, ms=9, label='Utility % (right)', zorder=5); ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.5); ax.set_xlabel('Label Smoothing epsilon', fontsize=12, fontweight='medium'); ax.set_ylabel('MIA AUC', fontsize=12, fontweight='medium', color=COLORS['danger']); ax2.set_ylabel('Utility (%)', fontsize=12, fontweight='medium', color=COLORS['accent']); ax.set_title('Label Smoothing Trends', fontsize=14, fontweight='bold', pad=15); ax.tick_params(axis='y', labelcolor=COLORS['danger']); ax2.tick_params(axis='y', labelcolor=COLORS['accent']); ax2.spines['right'].set_color(COLORS['accent']); ax2.spines['left'].set_color(COLORS['danger']); lines = line1 + line2; labels = [l.get_label() for l in lines]; ax.legend(lines, labels, fontsize=10, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'])
+    ax = axes[1]; sig_vals = OP_SIGMAS; auc_op = [gm(k, 'auc') for k in OP_KEYS]; ax.plot(sig_vals, auc_op, 'o-', color=COLORS['success'], lw=3, ms=9, zorder=5, label='MIA AUC'); ax.axhline(bl_auc, color=COLORS['danger'], ls='--', lw=2, alpha=0.6, label=f'Baseline ({bl_auc:.4f})'); ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.5, label='Random (0.5)'); ax.fill_between(sig_vals, auc_op, bl_auc, alpha=0.2, color=COLORS['success'], label='AUC Reduction'); ax.set_xlabel('Perturbation Sigma', fontsize=12, fontweight='medium'); ax.set_ylabel('MIA AUC', fontsize=12, fontweight='medium'); ax.set_title('Output Perturbation Trends', fontsize=14, fontweight='bold', pad=15); ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text']); plt.tight_layout()
+    return fig
+def fig_loss_gap_waterfall():
+    fig, ax = plt.subplots(figsize=(14, 6.5)); apply_light_style(fig, ax); names, gaps, clrs = [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_EN)): names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(ls_c[i])
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_EN)): names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(COLORS['op_colors'][i])
+    bars = ax.bar(range(len(names)), gaps, color=clrs, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, gaps): ax.text(b.get_x()+b.get_width()/2, v+0.0005, f'{v:.4f}', ha='center', fontsize=10, fontweight='semibold', color=COLORS['text'])
+    ax.set_ylabel('Loss Gap', fontsize=12, fontweight='medium'); ax.set_title('Member vs Non-Member Loss Gap', fontsize=14, fontweight='bold', pad=20); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=30, ha='right', fontsize=10); ax.annotate('Smaller gap = Better Privacy', xy=(8, gaps[0]*0.4), fontsize=11, color=COLORS['success'], fontstyle='italic', ha='center', backgroundcolor=COLORS['bg'], bbox=dict(boxstyle='round,pad=0.4', facecolor=COLORS['panel'], edgecolor=COLORS['success'], alpha=0.8)); plt.tight_layout()
+    return fig
 # ================================================================
+# 回调函数
 # ================================================================
 def cb_sample(src):
+    pool = member_data if "训练集" in src else non_member_data
+    s = pool[np.random.randint(len(pool))]
+    m = s['metadata']
+    md = f"""
+    <table style="width:100%; border-collapse: collapse; border: 1px solid #E2E8F0; border-radius: 8px; overflow: hidden;">
+        <tr style="background-color: #F9F9F9;">
+            <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">字段</th>
+            <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">值</th>
+        </tr>
+        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">姓名</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('name','')))}</td></tr>
+        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">学号</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('student_id','')))}</td></tr>
+        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">班级</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('class','')))}</td></tr>
+        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">成绩</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('score','')))} 分</td></tr>
+        <tr><td style="padding: 10px; color: #1D1D1F;">类型</td><td style="padding: 10px; color: #1D1D1F;">{TYPE_CN.get(s.get('task_type',''), '')}</td></tr>
+    </table>
+    """
+    return md, clean_text(s.get('question', '')), clean_text(s.get('answer', ''))
+ATK_CHOICES = (
+    ["基线模型 (Baseline)"] +
+    [f"标签平滑 (ε={e})" for e in [0.02, 0.05, 0.1, 0.2]] +
+    [f"输出扰动 (σ={s})" for s in OP_SIGMAS]
+)
+ATK_MAP = {"基线模型 (Baseline)": "baseline"}
+for e in [0.02, 0.05, 0.1, 0.2]: ATK_MAP[f"标签平滑 (ε={e})"] = f"smooth_eps_{e}"
+for s in OP_SIGMAS: ATK_MAP[f"输出扰动 (σ={s})"] = f"perturbation_{s}"
+def cb_attack(idx, src, target):
+    is_mem = "训练集" in src
+    pool = member_data if is_mem else non_member_data
+    idx = min(int(idx), len(pool)-1)
+    sample = pool[idx]
+    key = ATK_MAP.get(target, "baseline")
+    is_op = key.startswith("perturbation_")
+    # 【核心修复1】：强制读取对应参数的方差，让 OP 的背景色块真正“变宽”
     if is_op:
+        sigma = float(key.split("_")[1])
+        fr = full_losses.get('baseline', {})
+        lk = 'member_losses' if is_mem else 'non_member_losses'
+        ll = fr.get(lk, [])
+        base_loss = ll[idx] if idx < len(ll) else float(np.random.normal(bl_m_mean if is_mem else bl_nm_mean, 0.02))
+        np.random.seed(idx*1000 + int(sigma*10000))
+        loss = base_loss + np.random.normal(0, sigma)
+        # 强制读取 perturb_results 中被噪声放大后的 STD，而不是写死 baseline
+        mm = gm(key, "member_loss_mean", 0.19)
+        nm_m = gm(key, "non_member_loss_mean", 0.20)
+        ms = gm(key, "member_loss_std", np.sqrt(0.03**2 + sigma**2))
+        ns = gm(key, "non_member_loss_std", np.sqrt(0.03**2 + sigma**2))
+        auc_v = gm(key, "auc")
+        lbl = f"OP(σ={sigma})"
     else:
+        info = mia_results.get(key, mia_results.get('baseline', {}))
+        fr = full_losses.get(key, full_losses.get('baseline', {}))
+        lk = 'member_losses' if is_mem else 'non_member_losses'
+        ll = fr.get(lk, [])
+        loss = ll[idx] if idx < len(ll) else float(np.random.normal(info.get('member_loss_mean',0.19), 0.02))
+        mm = info.get('member_loss_mean', 0.19); nm_m = info.get('non_member_loss_mean', 0.20)
+        ms = info.get('member_loss_std', 0.03); ns = info.get('non_member_loss_std', 0.03)
+        auc_v = info.get('auc', 0)
+        lbl = "Baseline" if key == "baseline" else f"LS(ε={key.replace('smooth_eps_','')})"
+    thr = (mm + nm_m) / 2
+    pred = loss < thr
+    correct = pred == is_mem
+    gauge = fig_gauge(loss, mm, nm_m, thr, ms, ns)
+    pl = "🔴 训练成员" if pred else "🟢 非训练成员"
+    al = "🔴 训练成员" if is_mem else "🟢 非训练成员"
+    # 【核心修复3】：移除外层多余的换行，让卡片上移紧贴图表
     if correct and pred and is_mem:
+        v = f"<div style='background-color: #FFEBEE; border-left: 4px solid {COLORS['danger']}; padding: 12px; border-radius: 8px; color: {COLORS['danger']}; box-shadow: 0 2px 5px rgba(0,0,0,0.05); margin-top: 0px;'>⚠️ <b>攻击成功：隐私泄露</b><br><span style='font-size: 0.9em; color: #B71C1C;'>模型对该样本过于熟悉（Loss < 阈值），攻击者成功判定为训练数据。</span></div>"
     elif correct:
+        v = f"<div style='background-color: #E8F5E9; border-left: 4px solid {COLORS['success']}; padding: 12px; border-radius: 8px; color: {COLORS['success']}; box-shadow: 0 2px 5px rgba(0,0,0,0.05); margin-top: 0px;'>✅ <b>判定正确</b><br><span style='font-size: 0.9em; color: #1B5E20;'>攻击者判定与真实身份一致。</span></div>"
     else:
+        v = f"<div style='background-color: #E3F2FD; border-left: 4px solid {COLORS['accent']}; padding: 12px; border-radius: 8px; color: {COLORS['accent']}; box-shadow: 0 2px 5px rgba(0,0,0,0.05); margin-top: 0px;'>🛡️ <b>防御成功</b><br><span style='font-size: 0.9em; color: #0D47A1;'>攻击者判定错误，防御起到了保护作用。</span></div>"
+    table_html = f"""
+    <table style="width:100%; border-collapse: collapse; margin-top: 10px; border: 1px solid #E2E8F0; border-radius: 8px; overflow: hidden;">
+        <thead style="background-color: #F9F9F9;">
+            <tr>
+                <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">项目</th>
+                <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">攻击者判定</th>
+                <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">真实身份</th>
+            </tr>
+        </thead>
+        <tbody>
+            <tr>
+                <td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">身份</td>
+                <td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{pl}</td>
+                <td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{al}</td>
+            </tr>
+            <tr>
+                <td style="padding: 10px; color: #1D1D1F;">Loss / 阈值</td>
+                <td style="padding: 10px; color: #1D1D1F;">Loss: {loss:.4f}</td>
+                <td style="padding: 10px; color: #1D1D1F;">阈值: {thr:.4f}</td>
+            </tr>
+        </tbody>
+    </table>
+    """
+    # 移除 \n\n 改用 div 控制间距
+    res = v + f"<div style='font-weight: 600; margin: 12px 0 8px 0;'>🎯 攻击目标: {lbl} <span style='margin-left: 20px; color: #86868B;'>📊 AUC: {auc_v:.4f}</span></div>" + table_html
+    qtxt = f"**样本 #{idx}**\n\n" + clean_text(sample.get('question',''))[:500]
+    return qtxt, gauge, res
+EVAL_CHOICES = (
+    ["基线模型"] +
+    [f"标签平滑 (ε={e})" for e in [0.02, 0.05, 0.1, 0.2]] +
+    [f"输出扰动 (σ={s})" for s in OP_SIGMAS]
+)
+EVAL_KEY_MAP = {"基线模型": "baseline"}
+for e in [0.02, 0.05, 0.1, 0.2]: EVAL_KEY_MAP[f"标签平滑 (ε={e})"] = f"smooth_eps_{e}"
+for s in OP_SIGMAS: EVAL_KEY_MAP[f"输出扰动 (σ={s})"] = "baseline"
+def cb_eval(model_choice):
+    k = EVAL_KEY_MAP.get(model_choice, "baseline")
+    acc = gu(k) if "输出扰动" not in model_choice else bl_acc
+    q = EVAL_POOL[np.random.randint(len(EVAL_POOL))]
+    ok = q.get(k, q.get('baseline', False))
+    ic = "✅ 正确" if ok else "❌ 错误"
+    note = "\n\n> 输出扰动不改变模型参数，准确率与基线一致。" if "输出扰动" in model_choice else ""
+    table_html = f"""
+    <table style="width:100%; border-collapse: collapse; margin-top: 15px; border: 1px solid #E2E8F0; border-radius: 8px; overflow: hidden;">
+        <tbody>
+            <tr><td style="padding: 12px; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0; width: 100px;">类型</td><td style="padding: 12px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{q['type_cn']}</td></tr>
+            <tr><td style="padding: 12px; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">题目</td><td style="padding: 12px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{q['question']}</td></tr>
+            <tr><td style="padding: 12px; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">正确答案</td><td style="padding: 12px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{q['answer']}</td></tr>
+            <tr><td style="padding: 12px; color: #86868B; font-weight: 600;">判定</td><td style="padding: 12px; color: #1D1D1F;">{ic}</td></tr>
+        </tbody>
+    </table>
+    """
+    return (f"<div style='font-weight: 600; margin-bottom: 10px;'>🤖 模型: {model_choice} <span style='margin-left: 20px; color: #86868B;'>🎯 准确率: {acc:.1f}%</span></div>" + table_html + note)
+def build_full_table():
+    rows = []
+    for k, l in zip(LS_KEYS, LS_LABELS_CN):
+        if k in mia_results:
+            m = mia_results[k]; u = gu(k)
+            t = "—" if k == "baseline" else "训练期"; d = "" if k == "baseline" else f"{m['auc']-bl_auc:+.4f}"
             rows.append(f"| {l} | {t} | {m['auc']:.4f} | {m['attack_accuracy']:.4f} | {m['precision']:.4f} | {m['recall']:.4f} | {m['f1']:.4f} | {m['tpr_at_5fpr']:.4f} | {m['tpr_at_1fpr']:.4f} | {m['loss_gap']:.4f} | {u:.1f}% | {d} |")
+    for k, l in zip(OP_KEYS, OP_LABELS_CN):
+        if k in perturb_results:
+            m = perturb_results[k]; d = f"{m['auc']-bl_auc:+.4f}"
+            rows.append(f"| {l} | 推理期 | {m['auc']:.4f} | {m['attack_accuracy']:.4f} | {m['precision']:.4f} | {m['recall']:.4f} | {m['f1']:.4f} | {m['tpr_at_5fpr']:.4f} | {m['tpr_at_1fpr']:.4f} | {m['loss_gap']:.4f} | {bl_acc:.1f}% | {d} |")
+    header = ("| 策略 | 类型 | AUC | Acc | Prec | Rec | F1 | TPR@5% | TPR@1% | LossGap | 效用 | ΔAUC |\n"
+              "|---|---|---|---|---|---|---|---|---|---|---|---|")
+    return header + "\n" + "\n".join(rows)
 # ================================================================
+# CSS - 简约苹果风
 # ================================================================
+CSS = """
+:root {
+    --primary-blue: #007AFF;
+    --bg-light: #F5F5F7;
+    --card-bg: #FFFFFF;
+    --text-dark: #1D1D1F;
+    --text-gray: #86868B;
+    --border-color: #D2D2D7;
+}
+body {
+    background-color: var(--bg-light) !important;
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif !important;
+    color: var(--text-dark) !important;
+}
+.gradio-container {
+    max-width: 1350px !important;
+    margin: 40px auto !important;
+}
+.title-area {
+    background-color: var(--card-bg);
+    padding: 32px 40px;
+    border-radius: 18px;
+    box-shadow: 0 4px 12px rgba(0, 0, 0, 0.05);
+    margin-bottom: 30px;
+    text-align: center;
+}
+.title-area h1 {
+    color: var(--text-dark) !important;
+    font-size: 2.2rem !important;
+    font-weight: 700 !important;
+    margin-bottom: 10px !important;
+    letter-spacing: -0.5px;
+}
+.title-area p { color: var(--text-gray) !important; font-size: 1.1rem !important; margin-bottom: 15px !important; }
+.title-area .badge { display: inline-block; background-color: #E5F1FF; color: var(--primary-blue); padding: 6px 16px; border-radius: 20px; font-size: 0.9rem; font-weight: 600; }
+.tabitem { background-color: var(--card-bg) !important; border-radius: 18px !important; border: none !important; box-shadow: 0 8px 24px rgba(0, 0, 0, 0.08) !important; padding: 40px !important; margin-top: 20px !important; }
+.tab-nav { border-bottom: none !important; gap: 10px !important; background: transparent !important; padding-bottom: 5px !important; }
+.tab-nav button { font-size: 15px !important; padding: 10px 20px !important; font-weight: 500 !important; color: var(--text-gray) !important; background: rgba(0,0,0,0.03) !important; border: none !important; border-radius: 12px !important; transition: all 0.2s ease !important; }
+.tab-nav button:hover { background: rgba(0,0,0,0.06) !important; color: var(--text-dark) !important; }
+.tab-nav button.selected { color: var(--primary-blue) !important; background: #E5F1FF !important; font-weight: 600 !important; }
+.prose { color: var(--text-dark) !important; }
+.prose h2 { color: var(--text-dark) !important; font-weight: 700 !important; border-bottom: 1px solid var(--border-color) !important; padding-bottom: 12px !important; margin-top: 30px !important; }
+.prose h3 { color: var(--text-dark) !important; font-weight: 600 !important; margin-top: 24px !important; }
+.prose h4 { color: var(--text-gray) !important; font-weight: 600 !important; margin-bottom: 12px !important; }
+.prose table { border-collapse: separate !important; border-spacing: 0 !important; width: 100% !important; border: 1px solid var(--border-color) !important; border-radius: 12px !important; overflow: hidden !important; box-shadow: 0 2px 8px rgba(0,0,0,0.04) !important; }
+.prose th { background: #F9F9F9 !important; color: var(--text-gray) !important; font-weight: 600 !important; padding: 14px 18px !important; text-align: left !important; border-bottom: 1px solid var(--border-color) !important; white-space: nowrap !important; }
+.prose td { padding: 14px 18px !important; color: var(--text-dark) !important; border-bottom: 1px solid var(--border-color) !important; background: var(--card-bg) !important; white-space: nowrap !important; }
+.prose tr:last-child td { border-bottom: none !important; }
+.prose tr:hover td { background: #F5F7FA !important; }
+button.primary { background-color: var(--primary-blue) !important; color: white !important; border: none !important; border-radius: 10px !important; font-weight: 600 !important; padding: 12px 24px !important; box-shadow: 0 2px 6px rgba(0, 122, 255, 0.25) !important; transition: all 0.2s !important; }
+button.primary:hover { background-color: #0062CC !important; box-shadow: 0 4px 10px rgba(0, 122, 255, 0.35) !important; transform: translateY(-1px) !important; }
+.card-wrap { background: var(--card-bg) !important; border: 1px solid var(--border-color) !important; border-radius: 14px !important; padding: 24px !important; box-shadow: 0 2px 8px rgba(0,0,0,0.04) !important; }
+.block.svelte-12cmxck { border-radius: 12px !important; border-color: var(--border-color) !important; }
+.input-label { color: var(--text-gray) !important; font-weight: 500 !important; }
+footer { display: none !important; }
 """
 # ================================================================
+# UI 布局
 # ================================================================
+with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Soft(), css=CSS) as demo:
+    gr.HTML("""<div class="title-area">
+        <h1>🎓 教育大模型中的成员推理攻击及其防御研究</h1>
+        <p>Membership Inference Attack & Defense on Educational LLM</p>
+        <div class="badge">✨ 11组实验 × 8维指标 × 2种策略</div>
     </div>""")
+    with gr.Tab("📊 实验总览"):
+        gr.Markdown(f"## 📌 研究背景与目标\n\n本研究基于 **{model_name}** 微调的数��辅导模型，系统验证成员推理攻击（MIA）风险并评估两类防御策略。")
+        gr.HTML(f"""<div style="display:grid;grid-template-columns:repeat(4,1fr);gap:20px;margin:30px 0;">
+        <div class="card-wrap" style="text-align:center;">
+            <div style="font-size:32px;font-weight:700;color:{COLORS['accent']};margin-bottom:8px;">5</div>
+            <div style="font-size:14px;color:{COLORS['text_dim']};font-weight:600;">训练模型</div>
+            <div style="font-size:30px;margin-top:10px;">🤖</div>
+        </div>
+        <div class="card-wrap" style="text-align:center;">
+            <div style="font-size:32px;font-weight:700;color:{COLORS['accent2']};margin-bottom:8px;">6</div>
+            <div style="font-size:14px;color:{COLORS['text_dim']};font-weight:600;">扰动配置</div>
+            <div style="font-size:30px;margin-top:10px;">🎛️</div>
+        </div>
+        <div class="card-wrap" style="text-align:center;">
+            <div style="font-size:32px;font-weight:700;color:{COLORS['success']};margin-bottom:8px;">8</div>
+            <div style="font-size:14px;color:{COLORS['text_dim']};font-weight:600;">评估指标</div>
+            <div style="font-size:30px;margin-top:10px;">📈</div>
+        </div>
+        <div class="card-wrap" style="text-align:center;">
+            <div style="font-size:32px;font-weight:700;color:{COLORS['warning']};margin-bottom:8px;">2000</div>
+            <div style="font-size:14px;color:{COLORS['text_dim']};font-weight:600;">测试样本</div>
+            <div style="font-size:30px;margin-top:10px;">📄</div>
+        </div>
+        </div>""")
+        with gr.Accordion("📋 完整实验结果表（11组 × 8维度）", open=True):
+            gr.Markdown(build_full_table())
+    with gr.Tab("📁 数据与模型"):
+        gr.HTML("""<div style="display:flex; flex-direction:row; gap:25px; margin-bottom:30px; align-items:stretch;">
+        <div class="card-wrap" style="flex:1; display:flex; flex-direction:column;">
+            <h3 style="margin:0 0 15px;font-size:18px;color:#1D1D1F;">📦 数据组成</h3>
+            <table style="width:100%;border-collapse:collapse;font-size:14px; margin-bottom:auto;">
+                <tr style="background:#F9F9F9;"><th style="padding:12px;text-align:left;color:#86868B;">数据组</th><th style="padding:12px;text-align:left;color:#86868B;">数量</th><th style="padding:12px;text-align:left;color:#86868B;">用途</th><th style="padding:12px;text-align:left;color:#86868B;">说明</th></tr>
+                <tr><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">🔴 成员数据</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">1000条</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">模型训练</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">Loss偏低</td></tr>
+                <tr><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">🟢 非成员数据</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">1000条</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">攻击对照</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">Loss偏高</td></tr>
+            </table>
+        </div>
+        <div class="card-wrap" style="flex:1; display:flex; flex-direction:column;">
+            <h3 style="margin:0 0 15px;font-size:18px;color:#1D1D1F;">📚 任务分布</h3>
+            <table style="width:100%;border-collapse:collapse;font-size:14px; margin-bottom:auto;">
+                <tr style="background:#F9F9F9;"><th style="padding:12px;text-align:left;color:#86868B;">类别</th><th style="padding:12px;text-align:left;color:#86868B;">数量</th><th style="padding:12px;text-align:left;color:#86868B;">占比</th></tr>
+                <tr><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">🔢 基础计算</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">800</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">40%</td></tr>
+                <tr><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">📝 应用题</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">600</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">30%</td></tr>
+                <tr><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">💬 概念问答</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">400</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">20%</td></tr>
+                <tr><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">✏️ 错题订正</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">200</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">10%</td></tr>
+            </table>
+        </div></div>""")
+        gr.HTML(f'<div style="background:#FFF4E5; border-left:4px solid {COLORS["warning"]}; padding:16px; border-radius:12px; margin-bottom:30px; font-size:14px; color:#663C00; box-shadow: 0 2px 6px rgba(0,0,0,0.05);">⚠️ <b>注意：</b>两组数据格式完全相同（均含隐私字段），这是MIA实验的标准设置——攻击者无法从格式区分。</div>')
+        gr.Markdown("### 🔍 数据样例提取")
+        with gr.Row():
+            with gr.Column(scale=1):
+                gr.Markdown("#### ⚙️ 提取控制台")
+                d_src = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"], value="成员数据（训练集）", label="目标数据源")
+                d_btn = gr.Button("🎲 随机提取样本", variant="primary")
+                d_meta = gr.HTML()
             with gr.Column(scale=2):
+                gr.Markdown("#### 📄 样本详情")
+                d_q = gr.Textbox(label="🧑‍🎓 学生提问 (Prompt)", lines=6, interactive=False)
+                d_a = gr.Textbox(label="💡 标准回答 (Ground Truth)", lines=6, interactive=False)
+        d_btn.click(cb_sample, [d_src], [d_meta, d_q, d_a])
+    with gr.Tab("🎯 攻击验证"):
+        gr.Markdown("## 🕵️ 成员推理攻击交互演示\n\n配置攻击目标与数据源，系统将执行 Loss 计算并映射判定边界。")
+        with gr.Row():
+            with gr.Column(scale=1):
+                gr.Markdown("#### ⚙️ 攻击配置台")
+                a_t = gr.Dropdown(choices=ATK_CHOICES, value=ATK_CHOICES[0], label="🎯 选择被攻击模型", interactive=True)
+                a_s = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"], value="成员数据（训练集）", label="📂 输入数据源")
+                a_i = gr.Slider(0, 999, step=1, value=12, label="📌 定位样本 ID")
+                a_b = gr.Button("⚡ 执行成员推理攻击", variant="primary")
+                a_qt = gr.Markdown()
             with gr.Column(scale=2):
+                gr.Markdown("#### 📉 攻击结果与 Loss 边界")
+                a_g = gr.Plot(label="Loss位置判定 (Decision Boundary)")
+                a_r = gr.HTML()
+        a_b.click(cb_attack, [a_i, a_s, a_t], [a_qt, a_g, a_r])
+    with gr.Tab("🛡️ 防御分析"):
+        gr.Markdown("## 🔍 多维度攻防效果对比分析")
+        gr.Markdown(f"### 1️⃣ 攻击成功率全景对比 (AUC)\n\n> 柱子越短 = AUC越低 = 防御越有效。基线AUC={bl_auc:.4f}，标签平滑最低降至{gm('smooth_eps_0.2','auc'):.4f}，输出扰动最低降至{gm('perturbation_0.03','auc'):.4f}。")
         gr.Plot(value=fig_auc_bar())
+        gr.Markdown("### 2️⃣ 多指标雷达图对比\n\n> 红色区域(基线)越大=攻击越强，青/绿色区域(防御)越小=防御越有效。防御后所有维度均有显著缩小。")
+        gr.Plot(value=fig_radar_compare())
+        gr.Markdown("### 3️⃣ ROC曲线对比\n\n> 曲线越贴近对角线=攻击越接近随机猜测=防御越有效。左图标签平滑，右图输出扰动。")
+        gr.Plot(value=fig_roc_curves())
+        gr.Markdown(f"### 4️⃣ 低误报率下的攻击能力\n\n> 基线 TPR@5%FPR={gm('baseline','tpr_at_5fpr'):.4f}，防御后显著下降。这是衡量攻击危害的最严格指标。")
+        gr.Plot(value=fig_tpr_at_low_fpr())
+        gr.Markdown("### 5️⃣ Loss差距对比\n\n> Gap越小=成员与非成员越难区分=防御越有效。防御的目标就是缩小这个差距。")
+        gr.Plot(value=fig_loss_gap_waterfall())
+        gr.Markdown("### 6️⃣ 防御参数与效果关系\n\n> 左图：AUC递减+效用反升=双赢。右图：绿色填充面积=防御收益。")
+        gr.Plot(value=fig_auc_trend())
+        with gr.Accordion("📉 Loss分布直方图（标签平滑 5模型）", open=False):
             gr.Plot(value=fig_loss_dist())
+        with gr.Accordion("📉 Loss分布直方图（输出扰动 6组）", open=False):
+            gr.Plot(value=fig_perturb_dist())
+        with gr.Accordion("📋 完整数据表", open=False):
+            gr.Markdown(build_full_table())
+    with gr.Tab("⚖️ 效用评估"):
+        gr.Markdown("## 📊 模型效用测试")
+        with gr.Row():
+            with gr.Column(): gr.Plot(value=fig_acc_bar())
             with gr.Column(): gr.Plot(value=fig_tradeoff())
+        gr.Markdown(f"> 标签平滑实现“双赢”：基线{bl_acc:.1f}% → LS(ε=0.2) {gu('smooth_eps_0.2'):.1f}%。输出扰动始终保持{bl_acc:.1f}%。")
+        gr.Markdown("### 🧪 在线抽题演示")
+        with gr.Row():
             with gr.Column(scale=1):
+                gr.Markdown("#### ⚙️ 测试配置")
+                e_m = gr.Dropdown(choices=EVAL_CHOICES, value="基线模型", label="🤖 选择测试模型", interactive=True)
+                e_b = gr.Button("🎲 随机抽题测试", variant="primary")
             with gr.Column(scale=2):
+                gr.Markdown("#### 📝 模型作答结果")
+                e_r = gr.HTML()
+        e_b.click(cb_eval, [e_m], [e_r])
+    with gr.Tab("📝 研究结论"):
         gr.Markdown(f"""\
+## 核心研究发现
+---
+### 一、教育大模型存在可量化的MIA风险
+基线 AUC = **{bl_auc:.4f}**，攻击准确率 **{gm('baseline','attack_accuracy')*100:.1f}%**
+### 二、标签平滑防御 (训练期)
+| ε 参数 | AUC | 效用准确率 |
 |---|---|---|
 | 0.02 | {gm('smooth_eps_0.02','auc'):.4f} | {gu('smooth_eps_0.02'):.1f}% |
 | 0.05 | {gm('smooth_eps_0.05','auc'):.4f} | {gu('smooth_eps_0.05'):.1f}% |
 | 0.1 | {gm('smooth_eps_0.1','auc'):.4f} | {gu('smooth_eps_0.1'):.1f}% |
 | 0.2 | {gm('smooth_eps_0.2','auc'):.4f} | {gu('smooth_eps_0.2'):.1f}% |
+### 三、输出扰动防御 (推理期)
+| σ 参数 | AUC | 效用准确率 |
 |---|---|---|
+| 0.005 | {gm('perturbation_0.005','auc'):.4f} | {bl_acc:.1f}% |
+| 0.01 | {gm('perturbation_0.01','auc'):.4f} | {bl_acc:.1f}% |
+| 0.015 | {gm('perturbation_0.015','auc'):.4f} | {bl_acc:.1f}% |
+| 0.02 | {gm('perturbation_0.02','auc'):.4f} | {bl_acc:.1f}% |
+| 0.025 | {gm('perturbation_0.025','auc'):.4f} | {bl_acc:.1f}% |
+| 0.03 | {gm('perturbation_0.03','auc'):.4f} | {bl_acc:.1f}% |
+> **🌟 最佳实践建议: LS(ε=0.1) + OP(σ=0.02)**
+> 结合训练期正则化缩小 Loss Gap，与推理期加噪遮蔽信号，实现隐私与效用的双重保障。
 """)
 demo.launch()