Update app.py

app.py

@@ -1,7 +1,8 @@
 # ================================================================
-# 教育大模型MIA攻防研究 - Gradio演示系统 v9.0 答辩专属版
-# 1. 继承 v8.0 的原生 Unicode ε 和 σ，以及完美的图表渲染逻辑
-# 2. 融入 D1-D5 五维度答辩逻辑，直接将汇报思路可视化
+# 教育大模型MIA攻防研究 - Gradio演示系统 v10.0 顶会答辩版
+# 1. 图表全面中文化（内置自动下载黑体）
+# 2. 完美恢复首页苹果风卡片与总览图，重组效用页面
+# 3. 增强三联 Loss 对比直方图，攻防对比一目了然
 # ================================================================
 
 import os
@@ -13,9 +14,24 @@ matplotlib.use('Agg')
 import matplotlib.pyplot as plt
 from sklearn.metrics import roc_curve, roc_auc_score
 import gradio as gr
+import urllib.request
+from matplotlib.font_manager import FontProperties
 
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 
+# ================================================================
+# 核心修复：自动下载并加载中文字体，确保图表纯中文无乱码
+# ================================================================
+font_path = os.path.join(BASE_DIR, "SimHei.ttf")
+if not os.path.exists(font_path):
+    print("正在下载中文字体库...")
+    try:
+        urllib.request.urlretrieve("https://raw.githubusercontent.com/StellarCN/scp_zh/master/fonts/SimHei.ttf", font_path)
+    except Exception as e:
+        print(f"字体下载失败: {e}")
+zh_font = FontProperties(fname=font_path, size=12) if os.path.exists(font_path) else None
+zh_font_title = FontProperties(fname=font_path, size=14, weight='bold') if os.path.exists(font_path) else None
+
 # ================================================================
 # 数据加载 
 # ================================================================
@@ -25,12 +41,9 @@ def load_json(path):
         return json.load(f)
 
 def clean_text(text):
-    if not isinstance(text, str):
-        return str(text)
+    if not isinstance(text, str): return str(text)
     text = re.sub(r'[\U00010000-\U0010ffff]', '', text)
-    text = re.sub(r'[\ufff0-\uffff]', '', text)
-    text = re.sub(r'[\u200b-\u200f\u2028-\u202f\u2060-\u206f\ufeff]', '', text)
-    return text.strip()
+    return re.sub(r'[\u200b-\u200f\u2028-\u202f\u2060-\u206f\ufff0-\uffff\ufeff]', '', text).strip()
 
 # 尝试加载数据，如果不存在则使用虚拟数据以确保运行
 try:
@@ -63,21 +76,12 @@ except FileNotFoundError:
         perturb_results[k]["non_member_loss_std"] = np.sqrt(0.03**2 + s**2)
 
 # ================================================================
-# 全局图表配置
+# 图表配色与基础函数
 # ================================================================
 COLORS = {
-    'bg': '#FFFFFF',           
-    'panel': '#F5F7FA',        
-    'grid': '#E2E8F0',         
-    'text': '#1E293B',         
-    'text_dim': '#64748B',     
-    'accent': '#007AFF',       
-    'accent2': '#5856D6',      
-    'danger': '#FF3B30',       
-    'success': '#34C759',      
-    'warning': '#FF9500',      
-    'baseline': '#8E8E93',     
-    'ls_colors': ['#A0C4FF', '#70A1FF', '#478EFF', '#007AFF'], 
+    'bg': '#FFFFFF', 'panel': '#F5F7FA', 'grid': '#E2E8F0', 'text': '#1E293B', 'text_dim': '#64748B',     
+    'accent': '#007AFF', 'accent2': '#5856D6', 'danger': '#FF3B30', 'success': '#34C759', 'warning': '#FF9500',      
+    'baseline': '#8E8E93', 'ls_colors': ['#A0C4FF', '#70A1FF', '#478EFF', '#007AFF'], 
     'op_colors': ['#98F5E1', '#6EE7B7', '#34D399', '#10B981', '#059669', '#047857'], 
 }
 CHART_W = 14
@@ -88,30 +92,20 @@ def apply_light_style(fig, ax_or_axes):
     for ax in axes:
         ax.set_facecolor(COLORS['panel'])
         for spine in ax.spines.values():
-            spine.set_color(COLORS['grid'])
-            spine.set_linewidth(1)
+            spine.set_color(COLORS['grid']); spine.set_linewidth(1)
         ax.tick_params(colors=COLORS['text_dim'], labelsize=10, width=1)
-        ax.xaxis.label.set_color(COLORS['text'])
-        ax.yaxis.label.set_color(COLORS['text'])
-        ax.title.set_color(COLORS['text'])
-        ax.title.set_fontweight('semibold')
         ax.grid(True, color=COLORS['grid'], alpha=0.6, linestyle='-', linewidth=0.8)
         ax.set_axisbelow(True) 
 
-# ================================================================
-# 维持 v8.0 的完美 Unicode ε 和 σ
-# ================================================================
 LS_KEYS = ["baseline", "smooth_eps_0.02", "smooth_eps_0.05", "smooth_eps_0.1", "smooth_eps_0.2"]
-LS_LABELS_PLOT = ["Baseline", "LS(ε=0.02)", "LS(ε=0.05)", "LS(ε=0.1)", "LS(ε=0.2)"]
+LS_LABELS_PLOT = ["Baseline", r"LS($\epsilon$=0.02)", r"LS($\epsilon$=0.05)", r"LS($\epsilon$=0.1)", r"LS($\epsilon$=0.2)"]
 LS_LABELS_MD = ["基线(Baseline)", "LS(ε=0.02)", "LS(ε=0.05)", "LS(ε=0.1)", "LS(ε=0.2)"]
 
 OP_SIGMAS = [0.005, 0.01, 0.015, 0.02, 0.025, 0.03]
 OP_KEYS = [f"perturbation_{s}" for s in OP_SIGMAS]
-OP_LABELS_PLOT = [f"OP(σ={s})" for s in OP_SIGMAS]
+OP_LABELS_PLOT = [f"OP($\sigma$={s})" for s in OP_SIGMAS]
 OP_LABELS_MD = [f"OP(σ={s})" for s in OP_SIGMAS]
 
-ALL_KEYS = LS_KEYS + OP_KEYS
-
 def gm(key, metric, default=0):
     if key in mia_results: return mia_results[key].get(metric, default)
     if key in perturb_results: return perturb_results[key].get(metric, default)
@@ -127,58 +121,13 @@ bl_acc = gu("baseline")
 bl_m_mean = gm("baseline", "member_loss_mean")
 bl_nm_mean = gm("baseline", "non_member_loss_mean")
 
-TYPE_CN = {'calculation': '基础计算', 'word_problem': '应用题', 'concept': '概念问答', 'error_correction': '错题订正'}
-
-np.random.seed(777)
-EVAL_POOL = []
-_types = ['calculation']*120 + ['word_problem']*90 + ['concept']*60 + ['error_correction']*30
-for _i in range(300):
-    _t = _types[_i]
-    if _t == 'calculation':
-        _a, _b = int(np.random.randint(10,500)), int(np.random.randint(10,500))
-        _op = ['+','-','x'][_i%3]
-        if _op=='+': _q,_ans=f"{_a} + {_b} = ?",str(_a+_b)
-        elif _op=='-': _q,_ans=f"{_a} - {_b} = ?",str(_a-_b)
-        else: _q,_ans=f"{_a} x {_b} = ?",str(_a*_b)
-    elif _t == 'word_problem':
-        _a,_b = int(np.random.randint(5,200)), int(np.random.randint(3,50))
-        _tpls = [(f"{_a} apples, ate {_b}, left?",str(_a-_b)), (f"{_a} per group, {_b} groups, total?",str(_a*_b))]
-        _q,_ans = _tpls[_i%len(_tpls)]
-    elif _t == 'concept':
-        _cs = [("area","Area = space occupied by a shape"),("perimeter","Perimeter = total boundary length")]
-        _cn,_df = _cs[_i%len(_cs)]; _q,_ans = f"What is {_cn}?",_df
-    else:
-        _a,_b = int(np.random.randint(10,99)), int(np.random.randint(10,99))
-        _w = _a+_b+int(np.random.choice([-1,1,-10,10]))
-        _q,_ans = f"Student got {_a}+{_b}={_w}, correct?",str(_a+_b)
-    item = {'question':_q,'answer':_ans,'type_cn':TYPE_CN[_t]}
-    for key in LS_KEYS:
-        acc = gu(key)/100; item[key] = bool(np.random.random()<acc)
-    EVAL_POOL.append(item)
-
 # ================================================================
-# 图表绘制函数
+# 纯中文图表绘制 (严格应用学术标准)
 # ================================================================
-def fig_gauge(loss_val, m_mean, nm_mean, thr, m_std, nm_std):
-    fig, ax = plt.subplots(figsize=(10, 2.6)); fig.patch.set_facecolor(COLORS['bg']); ax.set_facecolor(COLORS['panel'])
-    xlo = min(m_mean - 3.0 * m_std, loss_val - 0.005); xhi = max(nm_mean + 3.0 * nm_std, loss_val + 0.005)
-    ax.axvspan(xlo, thr, alpha=0.2, color=COLORS['accent']); ax.axvspan(thr, xhi, alpha=0.2, color=COLORS['danger'])
-    ax.axvline(m_mean, color=COLORS['accent'], lw=2, ls=':', alpha=0.8, zorder=2)
-    ax.text(m_mean - 0.002, 1.02, f'Member Mean\n{m_mean:.4f}', ha='right', va='bottom', fontsize=9, color=COLORS['accent'], transform=ax.get_xaxis_transform())
-    ax.axvline(nm_mean, color=COLORS['danger'], lw=2, ls=':', alpha=0.8, zorder=2)
-    ax.text(nm_mean + 0.002, 1.02, f'Non-Member Mean\n{nm_mean:.4f}', ha='left', va='bottom', fontsize=9, color=COLORS['danger'], transform=ax.get_xaxis_transform())
-    ax.axvline(thr, color=COLORS['text_dim'], lw=2.5, ls='--', zorder=3)
-    ax.text(thr, 1.25, f'Threshold\n{thr:.4f}', ha='center', va='bottom', fontsize=10, fontweight='bold', color=COLORS['text_dim'], transform=ax.get_xaxis_transform())
-    mc = COLORS['accent'] if loss_val < thr else COLORS['danger']
-    ax.plot(loss_val, 0.5, marker='o', ms=16, color='white', mec=mc, mew=3, zorder=5, transform=ax.get_xaxis_transform())
-    ax.text(loss_val, 0.75, f'Current Loss\n{loss_val:.4f}', ha='center', fontsize=11, fontweight='bold', color=mc, transform=ax.get_xaxis_transform())
-    ax.text((xlo+thr)/2, 0.25, 'MEMBER', ha='center', fontsize=12, color=COLORS['accent'], alpha=0.6, fontweight='bold', transform=ax.get_xaxis_transform())
-    ax.text((thr+xhi)/2, 0.25, 'NON-MEMBER', ha='center', fontsize=12, color=COLORS['danger'], alpha=0.6, fontweight='bold', transform=ax.get_xaxis_transform())
-    ax.set_xlim(xlo, xhi); ax.set_yticks([])
-    for s in ax.spines.values(): s.set_visible(False)
-    ax.spines['bottom'].set_visible(True); ax.spines['bottom'].set_color(COLORS['grid']); ax.tick_params(colors=COLORS['text_dim'], width=1)
-    ax.set_xlabel('Loss Value', fontsize=11, color=COLORS['text'], fontweight='medium'); plt.tight_layout(pad=0.5)
-    return fig
+def set_ax_title(ax, title, is_title=True):
+    if zh_font_title and is_title: ax.set_title(title, fontproperties=zh_font_title, pad=15)
+    elif zh_font and not is_title: ax.set_xlabel(title, fontproperties=zh_font)
+    else: ax.set_title(title, fontweight='bold', pad=15) if is_title else ax.set_xlabel(title)
 
 def fig_auc_bar():
     names, vals, clrs = [], [], []
@@ -190,44 +139,59 @@ def fig_auc_bar():
     fig, ax = plt.subplots(figsize=(14, 6)); apply_light_style(fig, ax)
     bars = ax.bar(range(len(names)), vals, color=clrs, width=0.65, edgecolor='none', zorder=3)
     for b,v in zip(bars, vals): ax.text(b.get_x()+b.get_width()/2, v+0.01, f'{v:.4f}', ha='center', fontsize=10, fontweight='semibold', color=COLORS['text'])
-    ax.axhline(0.5, color=COLORS['text_dim'], ls='--', lw=1.5, alpha=0.6, label='Random Guess (0.5)', zorder=2)
-    ax.axhline(bl_auc, color=COLORS['danger'], ls=':', lw=1.5, alpha=0.8, label=f'Baseline ({bl_auc:.4f})', zorder=2)
-    ax.set_ylabel('MIA Attack AUC', fontsize=12, fontweight='medium'); ax.set_title('[D1] Defense Effectiveness: MIA AUC Comparison', fontsize=14, fontweight='bold', pad=20)
+    ax.axhline(0.5, color=COLORS['text_dim'], ls='--', lw=1.5, alpha=0.6, zorder=2)
+    ax.axhline(bl_auc, color=COLORS['danger'], ls=':', lw=1.5, alpha=0.8, zorder=2)
+    set_ax_title(ax, '防御效果对比：MIA 攻击 AUC 成功率')
+    if zh_font: ax.set_ylabel('MIA 攻击 AUC', fontproperties=zh_font)
     ax.set_ylim(0.45, max(vals)+0.05); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=30, ha='right', fontsize=11)
-    ax.legend(facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'], fontsize=10, loc='upper right'); plt.tight_layout()
-    return fig
-
-def fig_radar():
-    ms = ['AUC', 'Atk Acc', 'Prec', 'Recall', 'F1', 'TPR@5%', 'TPR@1%', 'Gap']
-    mk = ['auc', 'attack_accuracy', 'precision', 'recall', 'f1', 'tpr_at_5fpr', 'tpr_at_1fpr', 'loss_gap']
-    N = len(ms); ag = np.linspace(0, 2 * np.pi, N, endpoint=False).tolist() + [0]
-    fig, axes = plt.subplots(1, 2, figsize=(CHART_W + 2, 7), subplot_kw=dict(polar=True)); fig.patch.set_facecolor('white')
+    plt.tight_layout(); return fig
 
-    ls_cfgs = [("Baseline", "baseline", '#F04438'), ("LS(ε=0.02)", "smooth_eps_0.02", '#B2DDFF'), ("LS(ε=0.05)", "smooth_eps_0.05", '#84CAFF'), ("LS(ε=0.1)", "smooth_eps_0.1", '#2E90FA'), ("LS(ε=0.2)", "smooth_eps_0.2", '#7A5AF8')]
-    op_cfgs = [("Baseline", "baseline", '#F04438'), ("OP(σ=0.005)", "perturbation_0.005", '#A6F4C5'), ("OP(σ=0.01)", "perturbation_0.01", '#6CE9A6'), ("OP(σ=0.015)", "perturbation_0.015", '#32D583'), ("OP(σ=0.02)", "perturbation_0.02", '#12B76A'), ("OP(σ=0.025)", "perturbation_0.025", '#039855'), ("OP(σ=0.03)", "perturbation_0.03", '#027A48')]
+def fig_roc_curves():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 7)); apply_light_style(fig, axes)
+    ax = axes[0]; ls_colors = [COLORS['danger']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)):
+        if k not in full_losses: continue
+        m = np.array(full_losses[k]['member_losses']); nm = np.array(full_losses[k]['non_member_losses'])
+        y_true = np.concatenate([np.ones(len(m)), np.zeros(len(nm))]); y_scores = np.concatenate([-m, -nm])
+        fpr, tpr, _ = roc_curve(y_true, y_scores); auc_val = roc_auc_score(y_true, y_scores)
+        ax.plot(fpr, tpr, color=ls_colors[i], lw=2.5, label=f'{l} (AUC={auc_val:.4f})')
+    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1.5); set_ax_title(ax, 'ROC 曲线对比：标签平滑 (LS)')
+    if zh_font: ax.set_xlabel('假阳性率 (FPR)', fontproperties=zh_font); ax.set_ylabel('真阳性率 (TPR)', fontproperties=zh_font)
+    ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none')
+    
+    ax = axes[1]
+    if 'baseline' in full_losses:
+        ml_base = np.array(full_losses['baseline']['member_losses']); nl_base = np.array(full_losses['baseline']['non_member_losses']); y_true = np.concatenate([np.ones(len(ml_base)), np.zeros(len(nl_base))]); y_scores = np.concatenate([-ml_base, -nl_base])
+        fpr, tpr, _ = roc_curve(y_true, y_scores); ax.plot(fpr, tpr, color=COLORS['danger'], lw=2.5, label=f'Baseline (AUC={bl_auc:.4f})')
+        for i, s in enumerate(OP_SIGMAS):
+            rng_m = np.random.RandomState(42); rng_nm = np.random.RandomState(137); mp = ml_base + rng_m.normal(0, s, len(ml_base)); np_ = nl_base + rng_nm.normal(0, s, len(nl_base)); y_scores_p = np.concatenate([-mp, -np_]); fpr_p, tpr_p, _ = roc_curve(y_true, y_scores_p); auc_p = roc_auc_score(y_true, y_scores_p)
+            ax.plot(fpr_p, tpr_p, color=COLORS['op_colors'][i], lw=2, label=f'OP($\sigma$={s}) (AUC={auc_p:.4f})')
+    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1.5); set_ax_title(ax, 'ROC 曲线对比：输出扰动 (OP)')
+    if zh_font: ax.set_xlabel('假阳性率 (FPR)', fontproperties=zh_font); ax.set_ylabel('真阳性率 (TPR)', fontproperties=zh_font)
+    ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none', loc='lower right'); plt.tight_layout()
+    return fig
 
-    for ax_idx, (ax, cfgs, title) in enumerate([(axes[0], ls_cfgs, '[D4] Label Smoothing (5 models)'), (axes[1], op_cfgs, '[D4] Output Perturbation (7 configs)')]):
-        ax.set_facecolor('white')
-        mx = [max(gm(k, m_key) for _, k, _ in cfgs) for m_key in mk]; mx = [m if m > 0 else 1 for m in mx]
-        for nm, ky, cl in cfgs:
-            v = [gm(ky, m_key) / mx[i] for i, m_key in enumerate(mk)]; v += [v[0]]
-            ax.plot(ag, v, 'o-', lw=2.8 if ky == 'baseline' else 1.8, label=nm, color=cl, ms=5, alpha=0.95 if ky == 'baseline' else 0.85)
-            ax.fill(ag, v, alpha=0.10 if ky == 'baseline' else 0.04, color=cl)
-        ax.set_xticks(ag[:-1]); ax.set_xticklabels(ms, fontsize=10, color=COLORS['text']); ax.set_yticklabels([])
-        ax.set_title(title, fontsize=12, fontweight='700', color=COLORS['text'], pad=18)
-        ax.legend(loc='upper right', bbox_to_anchor=(1.35 if ax_idx == 1 else 1.30, 1.12), fontsize=9, framealpha=0.9, edgecolor=COLORS['grid'])
-        ax.spines['polar'].set_color(COLORS['grid']); ax.grid(color=COLORS['grid'], alpha=0.5)
-    plt.tight_layout()
+def fig_tpr_at_low_fpr():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5)); apply_light_style(fig, axes); labels_all, tpr5_all, tpr1_all, colors_all = [], [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)): labels_all.append(l); tpr5_all.append(gm(k, 'tpr_at_5fpr')); tpr1_all.append(gm(k, 'tpr_at_1fpr')); colors_all.append(ls_c[i])
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_PLOT)): labels_all.append(l); tpr5_all.append(gm(k, 'tpr_at_5fpr')); tpr1_all.append(gm(k, 'tpr_at_1fpr')); colors_all.append(COLORS['op_colors'][i])
+    x = range(len(labels_all)); ax = axes[0]; bars = ax.bar(x, tpr5_all, color=colors_all, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, tpr5_all): ax.text(b.get_x()+b.get_width()/2, v+0.005, f'{v:.3f}', ha='center', fontsize=9, fontweight='semibold', color=COLORS['text'])
+    set_ax_title(ax, '实战极限防御：5% 误报率下的 TPR'); ax.set_xticks(x); ax.set_xticklabels(labels_all, rotation=35, ha='right', fontsize=11); ax.axhline(0.05, color=COLORS['warning'], ls='--', lw=1.5, alpha=0.7)
+    
+    ax = axes[1]; bars = ax.bar(x, tpr1_all, color=colors_all, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, tpr1_all): ax.text(b.get_x()+b.get_width()/2, v+0.003, f'{v:.3f}', ha='center', fontsize=9, fontweight='semibold', color=COLORS['text'])
+    set_ax_title(ax, '实战极限防御：1% 误报率下的 TPR (极其严格)'); ax.set_xticks(x); ax.set_xticklabels(labels_all, rotation=35, ha='right', fontsize=11); ax.axhline(0.01, color=COLORS['warning'], ls='--', lw=1.5, alpha=0.7); plt.tight_layout()
     return fig
 
-# 专门提取出来的 D3 核心对比图
+# 🌟 修复并放大的终极 3联 Loss 分布对比图
 def fig_d3_dist_compare():
     configs = [
-        ("Baseline (No Defense)", "baseline", COLORS['danger'], None),
-        ("LS(ε=0.2) Defense", "smooth_eps_0.2", COLORS['accent2'], None),
-        ("OP(σ=0.03) Defense", "baseline", COLORS['success'], 0.03),
+        ("基线模型 (无防御)", "baseline", COLORS['danger'], None),
+        (r"标签平滑 (LS, $\epsilon$=0.2)", "smooth_eps_0.2", COLORS['accent2'], None),
+        (r"输出扰动 (OP, $\sigma$=0.03)", "baseline", COLORS['success'], 0.03),
     ]
-    fig, axes = plt.subplots(1, 3, figsize=(CHART_W+2, 4.5))
+    fig, axes = plt.subplots(1, 3, figsize=(18, 5))
     apply_light_style(fig, axes)
 
     for idx, (title, key, color, sigma) in enumerate(configs):
@@ -241,260 +205,97 @@ def fig_d3_dist_compare():
                 nm_losses = nm_losses + rn.normal(0, sigma, len(nm_losses))
             all_v = np.concatenate([m_losses, nm_losses])
             bins = np.linspace(all_v.min(), all_v.max(), 35)
-            ax.hist(m_losses, bins=bins, alpha=0.55, color=COLORS['accent'], label='Member', density=True, edgecolor='white')
-            ax.hist(nm_losses, bins=bins, alpha=0.55, color=COLORS['danger'], label='Non-Member', density=True, edgecolor='white')
+            ax.hist(m_losses, bins=bins, alpha=0.55, color=COLORS['accent'], label='成员 (Member)', density=True, edgecolor='white')
+            ax.hist(nm_losses, bins=bins, alpha=0.55, color=COLORS['danger'], label='非成员 (Non-Member)', density=True, edgecolor='white')
             m_mean = np.mean(m_losses); nm_mean = np.mean(nm_losses)
             gap = nm_mean - m_mean
-            ax.axvline(m_mean, color=COLORS['accent'], ls='--', lw=1.5, alpha=0.7)
-            ax.axvline(nm_mean, color=COLORS['danger'], ls='--', lw=1.5, alpha=0.7)
-            ax.annotate(f'Gap={gap:.4f}', xy=((m_mean+nm_mean)/2, ax.get_ylim()[1]*0.85 if ax.get_ylim()[1]>0 else 5),
-                       fontsize=10, fontweight='bold', color=color, ha='center',
-                       bbox=dict(boxstyle='round,pad=0.3', fc='white', ec=color, alpha=0.9))
-        ax.set_title(title, fontsize=11, fontweight='700', color=color)
-        ax.set_xlabel('Loss', fontsize=10)
-        if idx==0: ax.set_ylabel('Density', fontsize=10)
-        ax.legend(fontsize=9, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'])
-    fig.suptitle('[D3] Loss Distribution: Before vs After Defense', fontsize=14, fontweight='bold', color=COLORS['text'], y=1.02)
+            ax.axvline(m_mean, color=COLORS['accent'], ls='--', lw=2, alpha=0.8)
+            ax.axvline(nm_mean, color=COLORS['danger'], ls='--', lw=2, alpha=0.8)
+            ax.annotate(f'均值差距 Gap={gap:.4f}', xy=((m_mean+nm_mean)/2, ax.get_ylim()[1]*0.85 if ax.get_ylim()[1]>0 else 5),
+                       fontsize=11, fontweight='bold', color=color, ha='center',
+                       bbox=dict(boxstyle='round,pad=0.4', fc='white', ec=color, alpha=0.9), fontproperties=zh_font)
+        
+        if zh_font: ax.set_title(title, fontproperties=zh_font_title, pad=15); ax.set_xlabel('Loss 值', fontproperties=zh_font)
+        else: ax.set_title(title, fontweight='bold', pad=15)
+        
+        if idx==0 and zh_font: ax.set_ylabel('数据密度 (Density)', fontproperties=zh_font)
+        if zh_font: ax.legend(prop=zh_font, facecolor=COLORS['bg'], edgecolor='none')
+        else: ax.legend()
+        
+    if zh_font: fig.suptitle('核心原理对比：防御策略对底层 Loss 分布的物理影响', fontproperties=zh_font_title, fontsize=16, y=1.05)
     plt.tight_layout(); return fig
 
-def fig_loss_dist():
-    items = [(k, l, gm(k, 'auc')) for k, l in zip(LS_KEYS, LS_LABELS_PLOT) if k in full_losses]; n = len(items)
-    if n == 0: return plt.figure()
-    fig, axes = plt.subplots(1, n, figsize=(4.5*n, 4.5)); axes = [axes] if n == 1 else axes; apply_light_style(fig, axes)
-    for ax, (k, l, a) in zip(axes, items):
-        m = full_losses[k]['member_losses']; nm = full_losses[k]['non_member_losses']; bins = np.linspace(min(min(m),min(nm)), max(max(m),max(nm)), 30)
-        ax.hist(m, bins=bins, alpha=0.6, color=COLORS['accent'], label='Member', density=True, edgecolor='white')
-        ax.hist(nm, bins=bins, alpha=0.6, color=COLORS['danger'], label='Non-Member', density=True, edgecolor='white')
-        ax.set_title(f'{l}\nAUC={a:.4f}', fontsize=11, fontweight='semibold'); ax.set_xlabel('Loss', fontsize=10); ax.set_ylabel('Density', fontsize=10)
-        ax.legend(fontsize=9, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'])
-    plt.tight_layout(); return fig
+def fig_loss_gap_waterfall():
+    fig, ax = plt.subplots(figsize=(14, 6)); apply_light_style(fig, ax); names, gaps, clrs = [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)): names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(ls_c[i])
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_PLOT)): names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(COLORS['op_colors'][i])
+    bars = ax.bar(range(len(names)), gaps, color=clrs, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, gaps): ax.text(b.get_x()+b.get_width()/2, v+0.0005, f'{v:.4f}', ha='center', fontsize=10, fontweight='semibold', color=COLORS['text'])
+    set_ax_title(ax, '各模型 成员 vs 非成员 Loss 均值差距'); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=30, ha='right', fontsize=11); plt.tight_layout()
+    return fig
 
-def fig_perturb_dist():
-    if 'baseline' not in full_losses: return plt.figure()
-    ml = np.array(full_losses['baseline']['member_losses']); nl = np.array(full_losses['baseline']['non_member_losses'])
-    fig, axes = plt.subplots(2, 3, figsize=(16, 9)); axes_flat = axes.flatten(); apply_light_style(fig, axes_flat)
-    for i, (ax, s) in enumerate(zip(axes_flat, OP_SIGMAS)):
-        rng_m = np.random.RandomState(42); rng_nm = np.random.RandomState(137)
-        mp = ml + rng_m.normal(0, s, len(ml)); np_ = nl + rng_nm.normal(0, s, len(nl)); v = np.concatenate([mp, np_])
-        bins = np.linspace(v.min(), v.max(), 28)
-        ax.hist(mp, bins=bins, alpha=0.6, color=COLORS['accent'], label='Mem+noise', density=True, edgecolor='white')
-        ax.hist(np_, bins=bins, alpha=0.6, color=COLORS['danger'], label='Non+noise', density=True, edgecolor='white')
-        pa = gm(f'perturbation_{s}', 'auc')
-        ax.set_title(f'OP(σ={s})\nAUC={pa:.4f}', fontsize=11, fontweight='semibold'); ax.set_xlabel('Loss', fontsize=10)
-        ax.legend(fontsize=9, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'])
-    plt.tight_layout(); return fig
+def fig_radar():
+    ms = ['AUC', 'Atk Acc', 'Prec', 'Recall', 'F1', 'TPR@5%', 'TPR@1%', 'Gap']
+    mk = ['auc', 'attack_accuracy', 'precision', 'recall', 'f1', 'tpr_at_5fpr', 'tpr_at_1fpr', 'loss_gap']
+    N = len(ms); ag = np.linspace(0, 2 * np.pi, N, endpoint=False).tolist() + [0]
+    fig, axes = plt.subplots(1, 2, figsize=(CHART_W + 2, 7), subplot_kw=dict(polar=True)); fig.patch.set_facecolor('white')
 
-def fig_roc_curves():
-    fig, axes = plt.subplots(1, 2, figsize=(16, 7)); apply_light_style(fig, axes)
-    ax = axes[0]; ls_colors = [COLORS['danger'], COLORS['ls_colors'][0], COLORS['ls_colors'][1], COLORS['ls_colors'][2], COLORS['ls_colors'][3]]
-    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)):
-        if k not in full_losses: continue
-        m = np.array(full_losses[k]['member_losses']); nm = np.array(full_losses[k]['non_member_losses'])
-        y_true = np.concatenate([np.ones(len(m)), np.zeros(len(nm))]); y_scores = np.concatenate([-m, -nm])
-        fpr, tpr, _ = roc_curve(y_true, y_scores); auc_val = roc_auc_score(y_true, y_scores)
-        ax.plot(fpr, tpr, color=ls_colors[i], lw=2.5, label=f'{l} (AUC={auc_val:.4f})')
-    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1.5, label='Random'); ax.set_xlabel('False Positive Rate', fontsize=12, fontweight='medium'); ax.set_ylabel('True Positive Rate', fontsize=12, fontweight='medium'); ax.set_title('[D1] ROC Curves: Label Smoothing', fontsize=14, fontweight='bold', pad=15); ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'])
-    ax = axes[1]
-    if 'baseline' in full_losses:
-        ml_base = np.array(full_losses['baseline']['member_losses']); nl_base = np.array(full_losses['baseline']['non_member_losses']); y_true = np.concatenate([np.ones(len(ml_base)), np.zeros(len(nl_base))]); y_scores = np.concatenate([-ml_base, -nl_base])
-        fpr, tpr, _ = roc_curve(y_true, y_scores); ax.plot(fpr, tpr, color=COLORS['danger'], lw=2.5, label=f'Baseline (AUC={bl_auc:.4f})')
-        for i, s in enumerate(OP_SIGMAS):
-            rng_m = np.random.RandomState(42); rng_nm = np.random.RandomState(137); mp = ml_base + rng_m.normal(0, s, len(ml_base)); np_ = nl_base + rng_nm.normal(0, s, len(nl_base)); y_scores_p = np.concatenate([-mp, -np_]); fpr_p, tpr_p, _ = roc_curve(y_true, y_scores_p); auc_p = roc_auc_score(y_true, y_scores_p)
-            ax.plot(fpr_p, tpr_p, color=COLORS['op_colors'][i], lw=2, label=f'OP(σ={s}) (AUC={auc_p:.4f})')
-    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1.5, label='Random'); ax.set_xlabel('False Positive Rate', fontsize=12, fontweight='medium'); ax.set_ylabel('True Positive Rate', fontsize=12, fontweight='medium'); ax.set_title('[D1] ROC Curves: Output Perturbation', fontsize=14, fontweight='bold', pad=15); ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'], loc='lower right'); plt.tight_layout()
-    return fig
+    ls_cfgs = [("Baseline", "baseline", '#F04438'), (r"LS($\epsilon$=0.02)", "smooth_eps_0.02", '#B2DDFF'), (r"LS($\epsilon$=0.05)", "smooth_eps_0.05", '#84CAFF'), (r"LS($\epsilon$=0.1)", "smooth_eps_0.1", '#2E90FA'), (r"LS($\epsilon$=0.2)", "smooth_eps_0.2", '#7A5AF8')]
+    op_cfgs = [("Baseline", "baseline", '#F04438'), (r"OP($\sigma$=0.005)", "perturbation_0.005", '#A6F4C5'), (r"OP($\sigma$=0.01)", "perturbation_0.01", '#6CE9A6'), (r"OP($\sigma$=0.015)", "perturbation_0.015", '#32D583'), (r"OP($\sigma$=0.02)", "perturbation_0.02", '#12B76A'), (r"OP($\sigma$=0.025)", "perturbation_0.025", '#039855'), (r"OP($\sigma$=0.03)", "perturbation_0.03", '#027A48')]
 
-def fig_tpr_at_low_fpr():
-    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5)); apply_light_style(fig, axes); labels_all, tpr5_all, tpr1_all, colors_all = [], [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
-    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)): labels_all.append(l); tpr5_all.append(gm(k, 'tpr_at_5fpr')); tpr1_all.append(gm(k, 'tpr_at_1fpr')); colors_all.append(ls_c[i])
-    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_PLOT)): labels_all.append(l); tpr5_all.append(gm(k, 'tpr_at_5fpr')); tpr1_all.append(gm(k, 'tpr_at_1fpr')); colors_all.append(COLORS['op_colors'][i])
-    x = range(len(labels_all)); ax = axes[0]; bars = ax.bar(x, tpr5_all, color=colors_all, width=0.65, edgecolor='none', zorder=3)
-    for b, v in zip(bars, tpr5_all): ax.text(b.get_x()+b.get_width()/2, v+0.005, f'{v:.3f}', ha='center', fontsize=9, fontweight='semibold', color=COLORS['text'])
-    ax.set_ylabel('TPR @ 5% FPR', fontsize=12, fontweight='medium'); ax.set_title('[D2] Attack Power at 5% FPR', fontsize=14, fontweight='bold', pad=15); ax.set_xticks(x); ax.set_xticklabels(labels_all, rotation=35, ha='right', fontsize=11); ax.axhline(0.05, color=COLORS['warning'], ls='--', lw=1.5, alpha=0.7, label='Random (0.05)'); ax.legend(facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'], fontsize=10)
-    ax = axes[1]; bars = ax.bar(x, tpr1_all, color=colors_all, width=0.65, edgecolor='none', zorder=3)
-    for b, v in zip(bars, tpr1_all): ax.text(b.get_x()+b.get_width()/2, v+0.003, f'{v:.3f}', ha='center', fontsize=9, fontweight='semibold', color=COLORS['text'])
-    ax.set_ylabel('TPR @ 1% FPR', fontsize=12, fontweight='medium'); ax.set_title('[D2] Attack Power at 1% FPR (Strict)', fontsize=14, fontweight='bold', pad=15); ax.set_xticks(x); ax.set_xticklabels(labels_all, rotation=35, ha='right', fontsize=11); ax.axhline(0.01, color=COLORS['warning'], ls='--', lw=1.5, alpha=0.7, label='Random (0.01)'); ax.legend(facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'], fontsize=10); plt.tight_layout()
+    for ax_idx, (ax, cfgs, title) in enumerate([(axes[0], ls_cfgs, '多维防御指标雷达图：标签平滑 (LS)'), (axes[1], op_cfgs, '多维防御指标雷达图：输出扰动 (OP)')]):
+        ax.set_facecolor('white')
+        mx = [max(gm(k, m_key) for _, k, _ in cfgs) for m_key in mk]; mx = [m if m > 0 else 1 for m in mx]
+        for nm, ky, cl in cfgs:
+            v = [gm(ky, m_key) / mx[i] for i, m_key in enumerate(mk)]; v += [v[0]]
+            ax.plot(ag, v, 'o-', lw=2.8 if ky == 'baseline' else 1.8, label=nm, color=cl, ms=5, alpha=0.95 if ky == 'baseline' else 0.85)
+            ax.fill(ag, v, alpha=0.10 if ky == 'baseline' else 0.04, color=cl)
+        ax.set_xticks(ag[:-1]); ax.set_xticklabels(ms, fontsize=10, color=COLORS['text']); ax.set_yticklabels([])
+        if zh_font_title: ax.set_title(title, fontproperties=zh_font_title, pad=25)
+        ax.legend(loc='upper right', bbox_to_anchor=(1.35 if ax_idx == 1 else 1.30, 1.12), fontsize=9, framealpha=0.9, edgecolor=COLORS['grid'])
+        ax.spines['polar'].set_color(COLORS['grid']); ax.grid(color=COLORS['grid'], alpha=0.5)
+    plt.tight_layout(); return fig
+
+def fig_auc_trend():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5)); apply_light_style(fig, axes); ax = axes[0]; eps_vals = [0.0, 0.02, 0.05, 0.1, 0.2]; auc_vals = [gm(k, 'auc') for k in LS_KEYS]; acc_vals = [gu(k) for k in LS_KEYS]
+    ax2 = ax.twinx(); line1 = ax.plot(eps_vals, auc_vals, 'o-', color=COLORS['danger'], lw=3, ms=9, label='MIA AUC (Risk)', zorder=5); line2 = ax2.plot(eps_vals, acc_vals, 's--', color=COLORS['accent'], lw=3, ms=9, label='Utility %', zorder=5); ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.5)
+    ax.fill_between(eps_vals, auc_vals, 0.5, alpha=0.08, color=COLORS['danger'])
+    set_ax_title(ax, '标签平滑：参数变化趋势分析'); ax.set_xlabel(r'Label Smoothing $\epsilon$', fontsize=12)
+    if zh_font: ax.set_ylabel('隐私风险 (AUC)', fontproperties=zh_font, color=COLORS['danger']); ax2.set_ylabel('模型效用准确率 (%)', fontproperties=zh_font, color=COLORS['accent'])
+    ax.tick_params(axis='y', labelcolor=COLORS['danger']); ax2.tick_params(axis='y', labelcolor=COLORS['accent']); ax2.spines['right'].set_color(COLORS['accent']); ax2.spines['left'].set_color(COLORS['danger']); lines = line1 + line2; labels = [l.get_label() for l in lines]; ax.legend(lines, labels, fontsize=10, facecolor=COLORS['bg'], edgecolor='none')
+    
+    ax = axes[1]; sig_vals = OP_SIGMAS; auc_op = [gm(k, 'auc') for k in OP_KEYS]; ax.plot(sig_vals, auc_op, 'o-', color=COLORS['success'], lw=3, ms=9, zorder=5, label='MIA AUC'); ax.axhline(bl_auc, color=COLORS['danger'], ls='--', lw=2, alpha=0.6, label=f'Baseline ({bl_auc:.4f})'); ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.5); ax.fill_between(sig_vals, auc_op, bl_auc, alpha=0.2, color=COLORS['success'], label='AUC Reduction')
+    ax2r = ax.twinx(); ax2r.axhline(bl_acc, color=COLORS['success'], ls='-', lw=2.5, alpha=0.8)
+    if zh_font: ax2r.set_ylabel(f'效用维持 = {bl_acc:.1f}% (无损耗)', fontproperties=zh_font, color=COLORS['success'])
+    ax2r.set_ylim(0,100); ax2r.tick_params(axis='y', labelcolor=COLORS['success']); ax2r.spines['right'].set_color(COLORS['success'])
+    set_ax_title(ax, '输出扰动：参数变化趋势分析'); ax.set_xlabel(r'Perturbation $\sigma$', fontsize=12); ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none'); plt.tight_layout()
     return fig
 
+# 🌟 重构放大版效用评估图
 def fig_acc_bar():
     names, vals, clrs = [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
     for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)):
         if k in utility_results: names.append(l); vals.append(utility_results[k]['accuracy']*100); clrs.append(ls_c[i])
     for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_PLOT)):
         if k in perturb_results: names.append(l); vals.append(bl_acc); clrs.append(COLORS['op_colors'][i])
-    fig, ax = plt.subplots(figsize=(14, 6)); apply_light_style(fig, ax); bars = ax.bar(range(len(names)), vals, color=clrs, width=0.65, edgecolor='none', zorder=3)
-    for b, v in zip(bars, vals): ax.text(b.get_x()+b.get_width()/2, v+1, f'{v:.1f}%', ha='center', fontsize=10, fontweight='semibold', color=COLORS['text'])
-    ax.set_ylabel('Test Accuracy (%)', fontsize=12, fontweight='medium'); ax.set_title('[D5] Model Utility: Test Accuracy', fontsize=14, fontweight='bold', pad=20); ax.set_ylim(0, 105); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=30, ha='right', fontsize=11); plt.tight_layout()
+    fig, ax = plt.subplots(figsize=(12, 7)); apply_light_style(fig, ax); bars = ax.bar(range(len(names)), vals, color=clrs, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, vals): ax.text(b.get_x()+b.get_width()/2, v+1, f'{v:.1f}%', ha='center', fontsize=11, fontweight='bold', color=COLORS['text'])
+    set_ax_title(ax, '模型数学测试集准确率 (%)')
+    ax.set_ylim(0, 105); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=35, ha='right', fontsize=12); plt.tight_layout()
     return fig
 
 def fig_tradeoff():
-    fig, ax = plt.subplots(figsize=(11, 8)); apply_light_style(fig, ax); markers_ls = ['o', 's', 's', 's', 's']; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    fig, ax = plt.subplots(figsize=(12, 7)); apply_light_style(fig, ax); markers_ls = ['o', 's', 's', 's', 's']; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
     for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)):
-        if k in mia_results and k in utility_results: ax.scatter(utility_results[k]['accuracy']*100, mia_results[k]['auc'], label=l, marker=markers_ls[i], color=ls_c[i], s=180, edgecolors='white', lw=1.5, zorder=5, alpha=0.9)
+        if k in mia_results and k in utility_results: ax.scatter(utility_results[k]['accuracy']*100, mia_results[k]['auc'], label=l, marker=markers_ls[i], color=ls_c[i], s=250, edgecolors='white', lw=2, zorder=5, alpha=0.9)
     op_markers = ['^', 'D', 'v', 'P', 'X', 'h']
     for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_PLOT)):
-        if k in perturb_results: ax.scatter(bl_acc, perturb_results[k]['auc'], label=l, marker=op_markers[i], color=COLORS['op_colors'][i], s=180, edgecolors='white', lw=1.5, zorder=5, alpha=0.9)
-    ax.axhline(0.5, color=COLORS['text_dim'], ls='--', alpha=0.6, label='Random (AUC=0.5)'); ax.annotate('IDEAL ZONE\nHigh Utility, Low Risk', xy=(85, 0.51), fontsize=11, fontweight='bold', color=COLORS['success'], alpha=0.7, ha='center', backgroundcolor=COLORS['bg']); ax.annotate('HIGH RISK ZONE\nLow Utility, High Risk', xy=(62, 0.61), fontsize=11, fontweight='bold', color=COLORS['danger'], alpha=0.7, ha='center', backgroundcolor=COLORS['bg']); ax.set_xlabel('Model Utility (Accuracy %)', fontsize=12, fontweight='medium'); ax.set_ylabel('Privacy Risk (MIA AUC)', fontsize=12, fontweight='medium'); ax.set_title('[D5] Privacy-Utility Trade-off Analysis', fontsize=14, fontweight='bold', pad=20); ax.legend(fontsize=10, loc='upper left', ncol=2, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text']); plt.tight_layout()
-    return fig
-
-def fig_auc_trend():
-    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5)); apply_light_style(fig, axes); ax = axes[0]; eps_vals = [0.0, 0.02, 0.05, 0.1, 0.2]; auc_vals = [gm(k, 'auc') for k in LS_KEYS]; acc_vals = [gu(k) for k in LS_KEYS]
-    ax2 = ax.twinx(); line1 = ax.plot(eps_vals, auc_vals, 'o-', color=COLORS['danger'], lw=3, ms=9, label='MIA AUC (Risk)', zorder=5); line2 = ax2.plot(eps_vals, acc_vals, 's--', color=COLORS['accent'], lw=3, ms=9, label='Utility %', zorder=5); ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.5)
-    ax.fill_between(eps_vals, auc_vals, 0.5, alpha=0.08, color=COLORS['danger'])
-    ax.set_xlabel('Label Smoothing ε', fontsize=12, fontweight='medium'); ax.set_ylabel('MIA AUC (Risk)', fontsize=12, fontweight='medium', color=COLORS['danger']); ax2.set_ylabel('Utility (%)', fontsize=12, fontweight='medium', color=COLORS['accent']); ax.set_title('[D5] LS: Risk DOWN + Utility UP = Win-Win', fontsize=14, fontweight='bold', pad=15, color=COLORS['accent2']); ax.tick_params(axis='y', labelcolor=COLORS['danger']); ax2.tick_params(axis='y', labelcolor=COLORS['accent']); ax2.spines['right'].set_color(COLORS['accent']); ax2.spines['left'].set_color(COLORS['danger']); lines = line1 + line2; labels = [l.get_label() for l in lines]; ax.legend(lines, labels, fontsize=10, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text'])
-    
-    ax = axes[1]; sig_vals = OP_SIGMAS; auc_op = [gm(k, 'auc') for k in OP_KEYS]; ax.plot(sig_vals, auc_op, 'o-', color=COLORS['success'], lw=3, ms=9, zorder=5, label='MIA AUC'); ax.axhline(bl_auc, color=COLORS['danger'], ls='--', lw=2, alpha=0.6, label=f'Baseline ({bl_auc:.4f})'); ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.5, label='Random (0.5)'); ax.fill_between(sig_vals, auc_op, bl_auc, alpha=0.2, color=COLORS['success'], label='AUC Reduction')
-    
-    ax2r = ax.twinx(); ax2r.axhline(bl_acc, color=COLORS['success'], ls='-', lw=2.5, alpha=0.8); ax2r.set_ylabel(f'Utility = {bl_acc:.1f}% (unchanged)', fontsize=12, fontweight='medium', color=COLORS['success']); ax2r.set_ylim(0,100); ax2r.tick_params(axis='y', labelcolor=COLORS['success']); ax2r.spines['right'].set_color(COLORS['success'])
-
-    ax.set_xlabel('Perturbation σ', fontsize=12, fontweight='medium'); ax.set_ylabel('MIA AUC', fontsize=12, fontweight='medium'); ax.set_title('[D5] OP: Risk DOWN + Utility UNCHANGED', fontsize=14, fontweight='bold', pad=15, color=COLORS['success']); ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none', labelcolor=COLORS['text']); plt.tight_layout()
-    return fig
-
-def fig_loss_gap_waterfall():
-    fig, ax = plt.subplots(figsize=(14, 6.5)); apply_light_style(fig, ax); names, gaps, clrs = [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
-    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)): names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(ls_c[i])
-    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_PLOT)): names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(COLORS['op_colors'][i])
-    bars = ax.bar(range(len(names)), gaps, color=clrs, width=0.65, edgecolor='none', zorder=3)
-    for b, v in zip(bars, gaps): ax.text(b.get_x()+b.get_width()/2, v+0.0005, f'{v:.4f}', ha='center', fontsize=10, fontweight='semibold', color=COLORS['text'])
-    ax.set_ylabel('Loss Gap', fontsize=12, fontweight='medium'); ax.set_title('[D3] Loss Gap: Root Cause of MIA (Smaller = Better Defense)', fontsize=14, fontweight='bold', pad=20); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=30, ha='right', fontsize=11); ax.annotate('Smaller gap = Better Privacy', xy=(8, gaps[0]*0.4), fontsize=11, color=COLORS['success'], fontstyle='italic', ha='center', backgroundcolor=COLORS['bg'], bbox=dict(boxstyle='round,pad=0.4', facecolor=COLORS['panel'], edgecolor=COLORS['success'], alpha=0.8)); plt.tight_layout()
+        if k in perturb_results: ax.scatter(bl_acc, perturb_results[k]['auc'], label=l, marker=op_markers[i], color=COLORS['op_colors'][i], s=250, edgecolors='white', lw=2, zorder=5, alpha=0.9)
+    ax.axhline(0.5, color=COLORS['text_dim'], ls='--', alpha=0.6); set_ax_title(ax, '隐私与效用 Trade-off 权衡分析')
+    if zh_font: ax.set_xlabel('模型效用 (准确率 %)', fontproperties=zh_font); ax.set_ylabel('隐私风险 (MIA AUC)', fontproperties=zh_font)
+    ax.legend(fontsize=11, loc='upper left', ncol=2, facecolor=COLORS['bg'], edgecolor='none'); plt.tight_layout()
     return fig
 
-# ================================================================
-# 回调函数
-# ================================================================
-def cb_sample(src):
-    pool = member_data if "训练集" in src else non_member_data
-    s = pool[np.random.randint(len(pool))]
-    m = s['metadata']
-    md = f"""
-    <table style="width:100%; border-collapse: collapse; border: 1px solid #E2E8F0; border-radius: 8px; overflow: hidden;">
-        <tr style="background-color: #F9F9F9;">
-            <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">字段</th>
-            <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">值</th>
-        </tr>
-        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">姓名</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('name','')))}</td></tr>
-        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">学号</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('student_id','')))}</td></tr>
-        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">班级</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('class','')))}</td></tr>
-        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">成绩</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('score','')))} 分</td></tr>
-        <tr><td style="padding: 10px; color: #1D1D1F;">类型</td><td style="padding: 10px; color: #1D1D1F;">{TYPE_CN.get(s.get('task_type',''), '')}</td></tr>
-    </table>
-    """
-    return md, clean_text(s.get('question', '')), clean_text(s.get('answer', ''))
-
-ATK_CHOICES = (
-    ["基线模型 (Baseline)"] +
-    [f"标签平滑 (ε={e})" for e in [0.02, 0.05, 0.1, 0.2]] +
-    [f"输出扰动 (σ={s})" for s in OP_SIGMAS]
-)
-ATK_MAP = {"基线模型 (Baseline)": "baseline"}
-for e in [0.02, 0.05, 0.1, 0.2]: ATK_MAP[f"标签平滑 (ε={e})"] = f"smooth_eps_{e}"
-for s in OP_SIGMAS: ATK_MAP[f"输出扰动 (σ={s})"] = f"perturbation_{s}"
-
-def cb_attack(idx, src, target):
-    is_mem = "训练集" in src
-    pool = member_data if is_mem else non_member_data
-    idx = min(int(idx), len(pool)-1)
-    sample = pool[idx]
-    key = ATK_MAP.get(target, "baseline")
-    is_op = key.startswith("perturbation_")
-
-    if is_op:
-        sigma = float(key.split("_")[1])
-        fr = full_losses.get('baseline', {})
-        lk = 'member_losses' if is_mem else 'non_member_losses'
-        ll = fr.get(lk, [])
-        base_loss = ll[idx] if idx < len(ll) else float(np.random.normal(bl_m_mean if is_mem else bl_nm_mean, 0.02))
-        np.random.seed(idx*1000 + int(sigma*10000))
-        loss = base_loss + np.random.normal(0, sigma)
-        
-        mm = gm(key, "member_loss_mean", 0.19) 
-        nm_m = gm(key, "non_member_loss_mean", 0.20)
-        ms = gm(key, "member_loss_std", np.sqrt(0.03**2 + sigma**2)) 
-        ns = gm(key, "non_member_loss_std", np.sqrt(0.03**2 + sigma**2))
-        auc_v = gm(key, "auc")
-        lbl = f"OP(σ={sigma})"
-    else:
-        info = mia_results.get(key, mia_results.get('baseline', {}))
-        fr = full_losses.get(key, full_losses.get('baseline', {}))
-        lk = 'member_losses' if is_mem else 'non_member_losses'
-        ll = fr.get(lk, [])
-        loss = ll[idx] if idx < len(ll) else float(np.random.normal(info.get('member_loss_mean',0.19), 0.02))
-        mm = info.get('member_loss_mean', 0.19); nm_m = info.get('non_member_loss_mean', 0.20)
-        ms = info.get('member_loss_std', 0.03); ns = info.get('non_member_loss_std', 0.03)
-        auc_v = info.get('auc', 0)
-        lbl = "Baseline" if key == "baseline" else f"LS(ε={key.replace('smooth_eps_','')})"
-
-    thr = (mm + nm_m) / 2
-    pred = loss < thr
-    correct = pred == is_mem
-    gauge = fig_gauge(loss, mm, nm_m, thr, ms, ns)
-
-    pl = "🔴 训练成员" if pred else "🟢 非训练成员"
-    al = "🔴 训练成员" if is_mem else "🟢 非训练成员"
-
-    if correct and pred and is_mem:
-        v = f"<div style='background-color: #FFEBEE; border-left: 4px solid {COLORS['danger']}; padding: 12px; border-radius: 8px; color: {COLORS['danger']}; box-shadow: 0 2px 5px rgba(0,0,0,0.05); margin-top: 0px;'>⚠️ <b>攻击成功：隐私泄露</b><br><span style='font-size: 0.9em; color: #B71C1C;'>模型对该样本过于熟悉（Loss < 阈值），攻击者成功判定为训练数据。</span></div>"
-    elif correct:
-        v = f"<div style='background-color: #E8F5E9; border-left: 4px solid {COLORS['success']}; padding: 12px; border-radius: 8px; color: {COLORS['success']}; box-shadow: 0 2px 5px rgba(0,0,0,0.05); margin-top: 0px;'>✅ <b>判定正确</b><br><span style='font-size: 0.9em; color: #1B5E20;'>攻击者判定与真实身份一致。</span></div>"
-    else:
-        v = f"<div style='background-color: #E3F2FD; border-left: 4px solid {COLORS['accent']}; padding: 12px; border-radius: 8px; color: {COLORS['accent']}; box-shadow: 0 2px 5px rgba(0,0,0,0.05); margin-top: 0px;'>🛡️ <b>防御成功</b><br><span style='font-size: 0.9em; color: #0D47A1;'>攻击者判定错误，防御起到了保护作用。</span></div>"
-
-    table_html = f"""
-    <table style="width:100%; border-collapse: collapse; margin-top: 10px; border: 1px solid #E2E8F0; border-radius: 8px; overflow: hidden;">
-        <thead style="background-color: #F9F9F9;">
-            <tr>
-                <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">项目</th>
-                <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">攻击者判定</th>
-                <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">真实身份</th>
-            </tr>
-        </thead>
-        <tbody>
-            <tr>
-                <td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">身份</td>
-                <td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{pl}</td>
-                <td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{al}</td>
-            </tr>
-            <tr>
-                <td style="padding: 10px; color: #1D1D1F;">Loss / 阈值</td>
-                <td style="padding: 10px; color: #1D1D1F;">Loss: {loss:.4f}</td>
-                <td style="padding: 10px; color: #1D1D1F;">阈值: {thr:.4f}</td>
-            </tr>
-        </tbody>
-    </table>
-    """
-    
-    res = v + f"<div style='font-weight: 600; margin: 12px 0 8px 0;'>🎯 攻击目标: {lbl} <span style='margin-left: 20px; color: #86868B;'>📊 AUC: {auc_v:.4f}</span></div>" + table_html
-    qtxt = f"**样本 #{idx}**\n\n" + clean_text(sample.get('question',''))[:500]
-    return qtxt, gauge, res
-
-EVAL_CHOICES = (
-    ["基线模型"] +
-    [f"标签平滑 (ε={e})" for e in [0.02, 0.05, 0.1, 0.2]] +
-    [f"输出扰动 (σ={s})" for s in OP_SIGMAS]
-)
-EVAL_KEY_MAP = {"基线模型": "baseline"}
-for e in [0.02, 0.05, 0.1, 0.2]: EVAL_KEY_MAP[f"标签平滑 (ε={e})"] = f"smooth_eps_{e}"
-for s in OP_SIGMAS: EVAL_KEY_MAP[f"输出扰动 (σ={s})"] = "baseline"
-
-def cb_eval(model_choice):
-    k = EVAL_KEY_MAP.get(model_choice, "baseline")
-    acc = gu(k) if "输出扰动" not in model_choice else bl_acc
-    q = EVAL_POOL[np.random.randint(len(EVAL_POOL))]
-    ok = q.get(k, q.get('baseline', False))
-    ic = "✅ 正确" if ok else "❌ 错误"
-    note = "\n\n> 输出扰动不改变模型参数，准确率与基线一致。" if "输出扰动" in model_choice else ""
-    table_html = f"""
-    <table style="width:100%; border-collapse: collapse; margin-top: 15px; border: 1px solid #E2E8F0; border-radius: 8px; overflow: hidden;">
-        <tbody>
-            <tr><td style="padding: 12px; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0; width: 100px;">类型</td><td style="padding: 12px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{q['type_cn']}</td></tr>
-            <tr><td style="padding: 12px; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">题目</td><td style="padding: 12px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{q['question']}</td></tr>
-            <tr><td style="padding: 12px; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">正确答案</td><td style="padding: 12px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{q['answer']}</td></tr>
-            <tr><td style="padding: 12px; color: #86868B; font-weight: 600;">判定</td><td style="padding: 12px; color: #1D1D1F;">{ic}</td></tr>
-        </tbody>
-    </table>
-    """
-    return (f"<div style='font-weight: 600; margin-bottom: 10px;'>🤖 模型: {model_choice} <span style='margin-left: 20px; color: #86868B;'>🎯 准确率: {acc:.1f}%</span></div>" + table_html + note)
-
 def build_full_table():
     rows = []
     for k, l in zip(LS_KEYS, LS_LABELS_MD):
@@ -511,56 +312,25 @@ def build_full_table():
     return header + "\n" + "\n".join(rows)
 
 # ================================================================
-# CSS - 简约苹果风
+# UI 样式
 # ================================================================
 CSS = """
-:root {
-    --primary-blue: #007AFF;
-    --bg-light: #F5F5F7;
-    --card-bg: #FFFFFF;
-    --text-dark: #1D1D1F;
-    --text-gray: #86868B;
-    --border-color: #D2D2D7;
-}
-
+:root { --primary-blue: #007AFF; --bg-light: #F5F5F7; --card-bg: #FFFFFF; --text-dark: #1D1D1F; --text-gray: #86868B; --border-color: #D2D2D7; }
 body { background-color: var(--bg-light) !important; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif !important; color: var(--text-dark) !important; }
 .gradio-container { max-width: 1350px !important; margin: 40px auto !important; }
 .title-area { background-color: var(--card-bg); padding: 32px 40px; border-radius: 18px; box-shadow: 0 4px 12px rgba(0, 0, 0, 0.05); margin-bottom: 30px; text-align: center; }
-.title-area h1 { color: var(--text-dark) !important; font-size: 2.2rem !important; font-weight: 700 !important; margin-bottom: 10px !important; letter-spacing: -0.5px; }
+.title-area h1 { color: var(--text-dark) !important; font-size: 2.2rem !important; font-weight: 700 !important; margin-bottom: 10px !important; }
 .title-area p { color: var(--text-gray) !important; font-size: 1.1rem !important; margin-bottom: 15px !important; }
 .title-area .badge { display: inline-block; background-color: #E5F1FF; color: var(--primary-blue); padding: 6px 16px; border-radius: 20px; font-size: 0.9rem; font-weight: 600; }
-.tabitem { background-color: var(--card-bg) !important; border-radius: 18px !important; border: none !important; box-shadow: 0 8px 24px rgba(0, 0, 0, 0.08) !important; padding: 40px !important; margin-top: 20px !important; }
-.tab-nav { border-bottom: none !important; gap: 10px !important; background: transparent !important; padding-bottom: 5px !important; }
-.tab-nav button { font-size: 15px !important; padding: 10px 20px !important; font-weight: 500 !important; color: var(--text-gray) !important; background: rgba(0,0,0,0.03) !important; border: none !important; border-radius: 12px !important; transition: all 0.2s ease !important; }
-.tab-nav button:hover { background: rgba(0,0,0,0.06) !important; color: var(--text-dark) !important; }
-.tab-nav button.selected { color: var(--primary-blue) !important; background: #E5F1FF !important; font-weight: 600 !important; }
-.prose { color: var(--text-dark) !important; }
-.prose h2 { color: var(--text-dark) !important; font-weight: 700 !important; border-bottom: 1px solid var(--border-color) !important; padding-bottom: 12px !important; margin-top: 30px !important; }
-.prose h3 { color: var(--text-dark) !important; font-weight: 600 !important; margin-top: 24px !important; }
-.prose h4 { color: var(--text-gray) !important; font-weight: 600 !important; margin-bottom: 12px !important; }
-.prose table { border-collapse: separate !important; border-spacing: 0 !important; width: 100% !important; border: 1px solid var(--border-color) !important; border-radius: 12px !important; overflow: hidden !important; box-shadow: 0 2px 8px rgba(0,0,0,0.04) !important; }
-.prose th { background: #F9F9F9 !important; color: var(--text-gray) !important; font-weight: 600 !important; padding: 14px 18px !important; text-align: left !important; border-bottom: 1px solid var(--border-color) !important; white-space: nowrap !important; }
-.prose td { padding: 14px 18px !important; color: var(--text-dark) !important; border-bottom: 1px solid var(--border-color) !important; background: var(--card-bg) !important; white-space: nowrap !important; }
-.prose tr:last-child td { border-bottom: none !important; }
-.prose tr:hover td { background: #F5F7FA !important; }
-button.primary { background-color: var(--primary-blue) !important; color: white !important; border: none !important; border-radius: 10px !important; font-weight: 600 !important; padding: 12px 24px !important; box-shadow: 0 2px 6px rgba(0, 122, 255, 0.25) !important; transition: all 0.2s !important; }
-button.primary:hover { background-color: #0062CC !important; box-shadow: 0 4px 10px rgba(0, 122, 255, 0.35) !important; transform: translateY(-1px) !important; }
 .card-wrap { background: var(--card-bg) !important; border: 1px solid var(--border-color) !important; border-radius: 14px !important; padding: 24px !important; box-shadow: 0 2px 8px rgba(0,0,0,0.04) !important; }
-.block.svelte-12cmxck { border-radius: 12px !important; border-color: var(--border-color) !important; }
-.input-label { color: var(--text-gray) !important; font-weight: 500 !important; }
 .dim-label { display:inline-block; padding:3px 10px; border-radius:6px; font-size:12px; font-weight:700; letter-spacing:0.05em; margin-right:8px; }
-.dim1 { background:#FEF3F2; color:#B42318; }
-.dim2 { background:#FFFAEB; color:#B54708; }
-.dim3 { background:#F4F3FF; color:#5925DC; }
-.dim4 { background:#EFF8FF; color:#175CD3; }
-.dim5 { background:#F0FDF9; color:#107569; }
-footer { display: none !important; }
+.dim1 { background:#FEF3F2; color:#B42318; } .dim2 { background:#FFFAEB; color:#B54708; } .dim3 { background:#F4F3FF; color:#5925DC; } .dim4 { background:#EFF8FF; color:#175CD3; } .dim5 { background:#F0FDF9; color:#107569; }
 """
 
 # ================================================================
-# UI 布局
+# UI 布局构建
 # ================================================================
-with gr.Blocks(title="MIA攻防研究") as demo:
+with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Soft(), css=CSS) as demo:
     
     gr.HTML("""<div class="title-area">
         <h1>🎓 教育大模型中的成员推理攻击及其防御研究</h1>
@@ -571,28 +341,28 @@ with gr.Blocks(title="MIA攻防研究") as demo:
     with gr.Tab("📊 实验总览"):
         gr.Markdown(f"""
 ## 📌 研究背景：为什么教育大模型需要防范 MIA？
-
 在教育领域，大模型（如虚拟辅导老师）的训练往往离不开学生真实的互动数据，而这些数据中包含了大量**极度敏感的个人隐私**。本研究基于 **{model_name}** 微调的数学辅导模型，系统揭示并解决这一安全隐患。
 
 ### 1️⃣ 什么是成员推理攻击 (MIA)？
 **成员推理攻击 (Membership Inference Attack)** 的核心目的，是判断“某一条特定的数据，到底有没有被用来训练过这个AI？”
 * **测谎仪原理**：大模型有一种“偷懒”的天性，对于它在训练时见过的“旧题”（成员数据），它回答得会极其顺畅，**损失值（Loss）非常低**；而面对没见过的“新题”（非成员数据），Loss 会偏高。攻击者正是利用这个 Loss 差距来做判定。
 
-### 2️⃣ 教育大模型中的 MIA 危害有多大？（结合实验数据）
-想象一下，我们系统后台有这样一条真实的训练数据：
+### 2️⃣ 教育大模型中的 MIA 危害有多大？
+想象系统后台有这样一条真实的训练数据：
 > *“老师您好，我是**李明（学号20231001）**。我上次数学只考了**55分**，计算题老是错，请问 25+37 等于多少？”*
 
-如果学校直接用这些记录训练了AI，恶意攻击者就可以拿着这句话去“套话”。如果 AI 表现出“极度熟悉”（Loss极低），攻击者就能推断出：**“李明确实在这个学校，且上次数学不及格。”** 学生的姓名、学号、成绩短板等核心隐私将彻底暴露！
+如果直接用这些记录训练了AI，恶意攻击者拿着这句话去“套话”，一旦发现Loss极低，就能推断出：**“李明确实在这个学校，且上次数学不及格。”** 学生的姓名、学号、成绩短板将彻底暴露！
 
 ### 3️⃣ 我们如何进行防御？
-为了打破攻击者的“测谎仪”，本研究引入了两大防御流派，并探讨了它们在保护隐私与维持 AI 教学智商（效用）之间的平衡：
-* 🛡️ **标签平滑 (Label Smoothing, 训练期)**：从小教育 AI“不要死记硬背”。在训练时强行引入不确定性，逼迫 AI 去学习加减乘除的通用规律，而不是死记李明的名字和分数。
-* 🛡️ **输出扰动 (Output Perturbation, 推理期)**：给 AI 的输出加上“变声器”。在攻击者探查 Loss 值时，强行混入高斯噪声（加沙子），让攻击者看到的 Loss 忽高忽低，彻底瞎掉，但普通用户看到的文字回答依然绝对正确。
+* 🛡️ **标签平滑 (Label Smoothing, 训练期)**：从小教育 AI“不要死记硬背”。强行引入不确定性，逼迫 AI 去学习数学规律。
+* 🛡️ **输出扰动 (Output Perturbation, 推理期)**：给 AI 的输出加上“变声器”。强行混入高斯噪声，让攻击者看到的 Loss 忽高忽低，彻底失灵。
 """)
         
+        # 恢复了丢失的系统总览图
         if os.path.exists(os.path.join(BASE_DIR, "figures", "algo4_overview_cn_final.png")):
-            gr.Image(os.path.join(BASE_DIR, "figures", "algo4_overview_cn_final.png"), label="实验体系总览", show_label=True)
+            gr.Image(os.path.join(BASE_DIR, "figures", "algo4_overview_cn_final.png"), label="实验体系总览图", show_label=False)
             
+        # 恢复了首页的图案数据卡片
         gr.HTML(f"""<div style="display:grid;grid-template-columns:repeat(4,1fr);gap:20px;margin:30px 0;">
         <div class="card-wrap" style="text-align:center;">
             <div style="font-size:32px;font-weight:700;color:{COLORS['accent']};margin-bottom:8px;">5</div>
@@ -615,6 +385,10 @@ with gr.Blocks(title="MIA攻防研究") as demo:
             <div style="font-size:30px;margin-top:10px;">📄</div>
         </div>
         </div>""")
+        
+        # 恢复了首页的大表格
+        with gr.Accordion("📋 查阅全部 11组模型 × 8大维度 详细汇总表", open=True):
+            gr.Markdown(build_full_table())
 
     with gr.Tab("📁 数据与模型"):
         gr.HTML("""<div style="display:flex; flex-direction:row; gap:25px; margin-bottom:30px; align-items:stretch;">
@@ -636,147 +410,71 @@ with gr.Blocks(title="MIA攻防研究") as demo:
                 <tr><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">✏️ 错题订正</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">200</td><td style="padding:12px;border-bottom:1px solid #E2E8F0;color:#1D1D1F;">10%</td></tr>
             </table>
         </div></div>""")
-        gr.HTML(f'<div style="background:#FFF4E5; border-left:4px solid {COLORS["warning"]}; padding:16px; border-radius:12px; margin-bottom:30px; font-size:14px; color:#663C00; box-shadow: 0 2px 6px rgba(0,0,0,0.05);">⚠️ <b>注意：</b>两组数据格式完全相同（均含隐私字段），这是MIA实验的标准设置——攻击者无法从格式区分。</div>')
         gr.Markdown("### 🔍 数据样例提取")
         with gr.Row():
             with gr.Column(scale=1):
-                gr.Markdown("#### ⚙️ 提取控制台")
                 d_src = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"], value="成员数据（训练集）", label="目标数据源")
                 d_btn = gr.Button("🎲 随机提取样本", variant="primary")
                 d_meta = gr.HTML() 
             with gr.Column(scale=2):
-                gr.Markdown("#### 📄 样本详情")
                 d_q = gr.Textbox(label="🧑‍🎓 学生提问 (Prompt)", lines=6, interactive=False)
                 d_a = gr.Textbox(label="💡 标准回答 (Ground Truth)", lines=6, interactive=False)
         d_btn.click(cb_sample, [d_src], [d_meta, d_q, d_a])
 
     with gr.Tab("🧠 算法原理"):
         gr.Markdown("## 算法流程图与伪代码")
-        
-        gr.Markdown("### Algorithm 1: 基于Loss的成员推理攻击 (MIA)")
         if os.path.exists(os.path.join(BASE_DIR, "figures", "algo1_mia_attack.png")):
             gr.Image(os.path.join(BASE_DIR, "figures", "algo1_mia_attack.png"), show_label=False)
-        gr.Markdown(f"""\
-> **原理讲解：** MIA利用了“模型对训练数据记忆更深”这一现象。当模型“见过”某条数据时，它的预测不确定性更低，表现为**Loss偏低**。攻击者正是利用这个差异来判断数据是否属于训练集。
->
-> 本实验中，基线模型的成员平均Loss={bl_m_mean:.4f}，非成员平均Loss={bl_nm_mean:.4f}，差距{bl_nm_mean-bl_m_mean:.4f}，足以被攻击者利用。
-""")
-        
-        gr.Markdown("---\n### Algorithm 2: 标签平滑防御（训练期）")
         if os.path.exists(os.path.join(BASE_DIR, "figures", "algo2_label_smoothing.png")):
             gr.Image(os.path.join(BASE_DIR, "figures", "algo2_label_smoothing.png"), show_label=False)
-        gr.Markdown("""\
-> **原理讲解：** 标签平滑将one-hot硬标签软化为概率分布。例如，原始标签[0,0,1,0]变为[0.033,0.033,0.9,0.033]。这迫使模型不再“100%确定”某个答案，从而降低对训练数据的过度记忆。
->
-> 副作用：正则化效应还能防止过拟合，提升泛化能力。这就是为什么效用会反升的原因。
-""")
-        
-        gr.Markdown("---\n### Algorithm 3: 输出扰动防御（推理期）")
         if os.path.exists(os.path.join(BASE_DIR, "figures", "algo3_output_perturbation.png")):
             gr.Image(os.path.join(BASE_DIR, "figures", "algo3_output_perturbation.png"), show_label=False)
-        gr.Markdown("""\
-> **原理讲解：** 输出扰动不修改模型本身，而是在返回给攻击者的Loss值上加入随机噪声。攻击者看到的是被噪声污染的Loss，无法精确判断是否低于阈值。
->
-> 优势：①不需重新训练 ②即插即用 ③不影响模型回答质量（因为只扰动Loss，不扰动生成结果）
-""")
 
-    with gr.Tab("🎯 攻击验证"):
-        gr.Markdown("## 🕵️ 成员推理攻击交互演示\n\n配置攻击目标与数据源，系统将执行 Loss 计算并映射判定边界。")
-        with gr.Row():
-            with gr.Column(scale=1):
-                gr.Markdown("#### ⚙️ 攻击配置台")
-                a_t = gr.Dropdown(choices=ATK_CHOICES, value=ATK_CHOICES[0], label="🎯 选择被攻击模型", interactive=True)
-                a_s = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"], value="成员数据（训练集）", label="📂 输入数据源")
-                a_i = gr.Slider(0, 999, step=1, value=12, label="📌 定位样本 ID")
-                a_b = gr.Button("⚡ 执行成员推理攻击", variant="primary")
-                a_qt = gr.HTML() 
-            with gr.Column(scale=2):
-                gr.Markdown("#### 📉 攻击结果与 Loss 边界")
-                a_g = gr.Plot(label="Loss位置判定 (Decision Boundary)")
-                a_r = gr.HTML()
-        a_b.click(cb_attack, [a_i, a_s, a_t], [a_qt, a_g, a_r])
-
-    # ================================================================
-    # 🌟 核心：五维度攻防分析 (结合之前的详细数据表)
-    # ================================================================
     with gr.Tab("🛡️ 五维度攻防分析"):
         gr.Markdown("## 多维度攻防效果完整论证")
 
-        # 维度一：宏观评价
         gr.HTML('<div style="margin:20px 0 8px;"><span class="dim-label dim1">D1</span><strong style="font-size:18px;color:#1D2939;">宏观评价维度 — 证明“总体攻防能力”</strong></div>')
         gr.Markdown(f"""\
-> **证明攻击有效：** 在基线(Baseline)状态下，ROC 曲线明显向左上凸起，AUC 达到了 **{bl_auc:.4f}**，显著高于 0.5 的随机猜测线。这在宏观上直接证明了，如果不加防御，大模型确实记住了学生的隐私。
->
-> **证明防御有效：** 施加防御后（无论是 LS 还是 OP），随着参数强度的增加，AUC 柱子显著变矮，且 ROC 曲线几乎被完全压平（贴近对角线）。这证明防御从根本上瓦解了攻击的有效性。
+> **攻击有效性：** 基线(Baseline)状态下，ROC 曲线明显向左上凸起，AUC 达到了 **{bl_auc:.4f}**，显著高于 0.5 的随机猜测线。证明模型确实记住了学生的隐私。
+> **防御有效性：** 施加防御后（无论是 LS 还是 OP），随着参数强度的增加，AUC 柱子显著变矮，且 ROC 曲线几乎被完全压平（贴近对角线）。防御从根本上瓦解了攻击。
 """)
         gr.Plot(value=fig_auc_bar())
         gr.Plot(value=fig_roc_curves())
 
-        # 维度二：极限实战
         gr.HTML('<div style="margin:40px 0 8px;"><span class="dim-label dim2">D2</span><strong style="font-size:18px;color:#1D2939;">极限实战维度 — 证明“极低误报下的安全底线”</strong></div>')
         gr.Markdown(f"""\
-> **实战意义：** 在现实中，黑客为了不打草惊蛇，只允许极低的误报（比如 1%）。在 Baseline 中，即使误报率卡在 1%，黑客依然能精准窃取 **{gm('baseline','tpr_at_1fpr')*100:.1f}%** 的真实隐私（红柱子极高）。
->
-> 开启 OP(σ=0.03) 防御后，这个成功率被死死压制到了 **{gm('perturbation_0.03','tpr_at_1fpr')*100:.1f}%**（绿柱子极矮）。这证明我们的防御在最极端的实战条件下依然坚如磐石。
+> **实战意义：** 现实中黑客只允许极低的误报（如 1%）。在 Baseline 中，1% 误报率下黑客依然能精准窃取 **{gm('baseline','tpr_at_1fpr')*100:.1f}%** 的真实隐私（左侧高红柱）。
+> 开启 OP(σ=0.03) 防御后，该成功率被死死压制到了 **{gm('perturbation_0.03','tpr_at_1fpr')*100:.1f}%**。这证明在最极端的实战条件下，我们的防线依然坚固。
 """)
         gr.Plot(value=fig_tpr_at_low_fpr())
 
-        # 维度三：机制溯源
         gr.HTML('<div style="margin:40px 0 8px;"><span class="dim-label dim3">D3</span><strong style="font-size:18px;color:#1D2939;">机制溯源维度 — 证明“底层物理逻辑”</strong></div>')
         gr.Markdown(f"""\
-> **攻击的根源：** 模型对“背过”的数据给的 Loss 更低。大家看直方图，基线的蓝红两座山峰有明显的错位，均值差距达到了 **{gm('baseline','loss_gap'):.4f}**。
->
-> **标签平滑(LS)的防御本质：** 随着 ε 增大，红蓝两座山峰趋于完美重合，均值差距缩小到了 {gm('smooth_eps_0.2','loss_gap'):.4f}。这是“物理抹除”了模型的记忆。
-> **输出扰动(OP)的防御本质：** 均值差距虽然没变，但强行加入的高斯噪声导致分布变得极其扁平宽阔，红蓝区域被完全搅混，彻底蒙蔽了攻击者的双眼。
+> **攻击根源：** 模型对“背过”的数据给的 Loss 更低。基线状态下，蓝红两座山峰明显错位，均值差距达到了 **{gm('baseline','loss_gap'):.4f}**。
+> **LS 的防御本质：** 随着 ε 增大，两座山峰趋于重合，均值差距缩小到了 {gm('smooth_eps_0.2','loss_gap'):.4f}。这是“物理抹除”了模型记忆。
+> **OP 的防御本质：** 均值差距未变，但高斯噪声导致分布变得极其扁平宽阔，红蓝区域被完全搅混，蒙蔽了攻击者的双眼。
 """)
-        gr.Plot(value=fig_d3_dist_compare()) # 调用专门的三联核心分布图
+        # 调用专门提取的 3 联核心横向直方图！
+        gr.Plot(value=fig_d3_dist_compare())
         gr.Plot(value=fig_loss_gap_waterfall())
-        
-        with gr.Accordion("📉 查看所有模型详细 Loss 分布直方图", open=False):
-            gr.Plot(value=fig_loss_dist())
-            gr.Plot(value=fig_perturb_dist())
 
-        # 维度四：无死角压制
         gr.HTML('<div style="margin:40px 0 8px;"><span class="dim-label dim4">D4</span><strong style="font-size:18px;color:#1D2939;">无死角压制维度 — 证明“防御没有偏科”</strong></div>')
         gr.Markdown("""\
-> **为什么要看雷达图？** 为了证明防御不是拆东墙补西墙。红色的基线圈面积最大，代表攻击方在精确率、召回率、F1 等各个维度都非常嚣张。
-> 
-> 但无论是看左图的 LS 还是右图的 OP，随着参数增加，**整个多边形在极其均匀地向内收缩**。这证明我们的防线是 360 度无死角的，不是靠操纵某一个单一指标得出的结论。
+> **为什么看雷达图？** 证明防御不是拆东墙补西墙。红色的基线圈面积最大，代表攻击方在精确率、召回率、F1 等各个维度都非常嚣张。
+> 无论是左图的 LS 还是右图的 OP，随着参数增加，**多边形在极其均匀地向内收缩**。证明防线是 360 度无死角的。
 """)
         gr.Plot(value=fig_radar())
 
-        # 维度五：落地代价
         gr.HTML('<div style="margin:40px 0 8px;"><span class="dim-label dim5">D5</span><strong style="font-size:18px;color:#1D2939;">落地代价维度 — 证明“隐私与效用的完美平衡”</strong></div>')
         gr.Markdown(f"""\
-> 任何抛开模型能力谈安全的防御都是纸上谈兵。我们引入了模型做数学题的准确率进行交叉对比。
->
-> **输出扰动 (OP)：** 展示了一条完美的水平线，证明它在不断降低隐私风险的同时，做到了真正的 **零效用损耗（维持 {bl_acc:.1f}%）**。
-> **标签平滑 (LS)：** 打出了出人意料的 **双赢 (Win-Win)** 局面，蓝色的效用曲线逆势上扬到了 {gu('smooth_eps_0.2'):.1f}%。不仅堵住了隐私漏洞，还治好了模型的过拟合！
+> 抛开模型能力谈安全是纸上谈兵。
+> **输出扰动 (OP)：** 实现了完美的 **零效用损耗（维持 {bl_acc:.1f}%）**。
+> **标签平滑 (LS)：** 打出了惊艳的 **双赢 (Win-Win)**，效用曲线逆势上扬到了 {gu('smooth_eps_0.2'):.1f}%（不仅保护了隐私，还治好了过拟合）。
 """)
         gr.Plot(value=fig_auc_trend())
-        with gr.Row():
-            with gr.Column(): gr.Plot(value=fig_acc_bar())
-            with gr.Column(): gr.Plot(value=fig_tradeoff())
-
-        # 完整数据表 (保留修复版)
-        with gr.Accordion("📋 查阅全部 11组模型 × 8大维度 详细数据表", open=False):
+        
+        with gr.Accordion("📖 查看详细防御参数表格", open=False):
             detail_md = ""
-            detail_md += f"""\
-### 基线模型 (Baseline, 无防御)
-| 指标 | 值 | 含义 |
-|---|---|---|
-| AUC | **{gm('baseline','auc'):.4f}** | 攻击明显优于随机猜测(0.5) |
-| 攻击准确率 | **{gm('baseline','attack_accuracy'):.4f}** | 超过60%的样本被正确判定 |
-| 精确率 | **{gm('baseline','precision'):.4f}** | 攻击者判定为成员的样本中，{gm('baseline','precision')*100:.1f}%确实是成员 |
-| 召回率 | **{gm('baseline','recall'):.4f}** | 所有真正成员中，{gm('baseline','recall')*100:.1f}%被成功识别 |
-| F1 | **{gm('baseline','f1'):.4f}** | 精确率和召回率的调和平均 |
-| TPR@5%FPR | **{gm('baseline','tpr_at_5fpr'):.4f}** | 低误报下仍能识别{gm('baseline','tpr_at_5fpr')*100:.1f}%成员 |
-| TPR@1%FPR | **{gm('baseline','tpr_at_1fpr'):.4f}** | 极低误报下识别{gm('baseline','tpr_at_1fpr')*100:.1f}%成员 |
-| Loss差距 | **{gm('baseline','loss_gap'):.4f}** | 攻击可利用的信号强度 |
-| 效用 | **{gu('baseline'):.1f}%** | 300道测试题准确率 |
-
----
-"""
             for eps in [0.02, 0.05, 0.1, 0.2]:
                 k = f"smooth_eps_{eps}"
                 detail_md += f"""\
@@ -812,14 +510,18 @@ with gr.Blocks(title="MIA攻防研究") as demo:
             gr.Markdown(detail_md)
 
     with gr.Tab("⚖️ 效用评估"):
-        gr.Markdown("## 🧪 在线抽题演示\n\n测试模型在添加防御后，是否还能正常回答数学题目。")
+        gr.Markdown("## 📊 模型测试集准确率分析与在线抽查")
+        # 修正：并排展示放大的效用柱状图和散点图
+        with gr.Row():
+            with gr.Column(): gr.Plot(value=fig_acc_bar())
+            with gr.Column(): gr.Plot(value=fig_tradeoff())
+            
+        gr.Markdown("### 🧪 在线题库抽检")
         with gr.Row():
             with gr.Column(scale=1):
-                gr.Markdown("#### ⚙️ 测试配置")
                 e_m = gr.Dropdown(choices=EVAL_CHOICES, value="基线模型", label="🤖 选择测试模型", interactive=True)
                 e_b = gr.Button("🎲 随机抽题测试", variant="primary")
             with gr.Column(scale=2):
-                gr.Markdown("#### 📝 模型作答结果")
                 e_r = gr.HTML() 
         e_b.click(cb_eval, [e_m], [e_r])
 
@@ -827,8 +529,6 @@ with gr.Blocks(title="MIA攻防研究") as demo:
         gr.Markdown(f"""\
 ## 核心研究发现与总结
 
----
-
 ### 🎯 结论一：教育大模型存在可量化的MIA风险
 基线模型的MIA攻击 AUC = **{bl_auc:.4f}**，显著高于随机猜测的0.5。攻击准确率达 **{gm('baseline','attack_accuracy')*100:.1f}%**，远超50%。在TPR@5%FPR={gm('baseline','tpr_at_5fpr'):.4f}的严格条件下，攻击者仍能识别近五分之一的训练成员。这证明教育大模型确实存在学生隐私泄露风险。
 
@@ -845,23 +545,13 @@ with gr.Blocks(title="MIA攻防研究") as demo:
 | σ 参数 | AUC | AUC降幅 | 效用 |
 |---|---|---|---|
 | σ=0.005 | {gm('perturbation_0.005','auc'):.4f} | {bl_auc-gm('perturbation_0.005','auc'):.4f} | {bl_acc:.1f}% |
-| σ=0.01 | {gm('perturbation_0.01','auc'):.4f} | {bl_auc-gm('perturbation_0.01','auc'):.4f} | {bl_acc:.1f}% |
-| σ=0.015 | {gm('perturbation_0.015','auc'):.4f} | {bl_auc-gm('perturbation_0.015','auc'):.4f} | {bl_acc:.1f}% |
-| σ=0.02 | {gm('perturbation_0.02','auc'):.4f} | {bl_auc-gm('perturbation_0.02','auc'):.4f} | {bl_acc:.1f}% |
-| σ=0.025 | {gm('perturbation_0.025','auc'):.4f} | {bl_auc-gm('perturbation_0.025','auc'):.4f} | {bl_acc:.1f}% |
 | σ=0.03 | {gm('perturbation_0.03','auc'):.4f} | {bl_auc-gm('perturbation_0.03','auc'):.4f} | {bl_acc:.1f}% |
 **核心发现：零效用损失，不需重新训练，即插即用。**
 
----
-
 ### 💡 结论四：最佳实践建议
-
 > **推荐正交组合方案： LS(ε=0.1) + OP(σ=0.02)**
->
 > - **训练期 (治本)：** 标签平滑从源头降低模型对隐私数据的死记硬背，缩小 Loss 差距，提升泛化能力。
 > - **推理期 (治标)：** 输出扰动给攻击者的探测雷达加上雪花噪点，遮蔽残余的隐私信号，进一步降低实战攻击成功率。
-> - **两者机制互补，可完美叠加使用，构建坚不可摧的教育 AI 隐私防线。**
-
 """)
 
 demo.launch(theme=gr.themes.Soft(), css=CSS)