Update app.py

app.py

@@ -1,8 +1,9 @@
 # ================================================================
 # 教育大模型MIA攻防研究 - Gradio演示系统 v10.0 顶会答辩版
-# 1. 图表全面中文化（内置自动下载黑体）
-# 2. 完美恢复首页苹果风卡片与总览图，重组效用页面
-# 3. 增强三联 Loss 对比直方图，攻防对比一目了然
+# 1. 继承 v9.0 完美 Unicode 字符、UI 结构和表格数据
+# 2. 图表标题全面中文化，去除 D1/D2 等冗余编号
+# 3. 增强三联 Loss 对比直方图，攻防机制对比一目了然
+# 4. 优化效用评估页面布局，放大核心图表
 # ================================================================
 
 import os
@@ -41,9 +42,12 @@ def load_json(path):
         return json.load(f)
 
 def clean_text(text):
-    if not isinstance(text, str): return str(text)
+    if not isinstance(text, str):
+        return str(text)
     text = re.sub(r'[\U00010000-\U0010ffff]', '', text)
-    return re.sub(r'[\u200b-\u200f\u2028-\u202f\u2060-\u206f\ufff0-\uffff\ufeff]', '', text).strip()
+    text = re.sub(r'[\ufff0-\uffff]', '', text)
+    text = re.sub(r'[\u200b-\u200f\u2028-\u202f\u2060-\u206f\ufeff]', '', text)
+    return text.strip()
 
 # 尝试加载数据，如果不存在则使用虚拟数据以确保运行
 try:
@@ -76,12 +80,21 @@ except FileNotFoundError:
         perturb_results[k]["non_member_loss_std"] = np.sqrt(0.03**2 + s**2)
 
 # ================================================================
-# 图表配色与基础函数
+# 全局图表配置
 # ================================================================
 COLORS = {
-    'bg': '#FFFFFF', 'panel': '#F5F7FA', 'grid': '#E2E8F0', 'text': '#1E293B', 'text_dim': '#64748B',     
-    'accent': '#007AFF', 'accent2': '#5856D6', 'danger': '#FF3B30', 'success': '#34C759', 'warning': '#FF9500',      
-    'baseline': '#8E8E93', 'ls_colors': ['#A0C4FF', '#70A1FF', '#478EFF', '#007AFF'], 
+    'bg': '#FFFFFF',           
+    'panel': '#F5F7FA',        
+    'grid': '#E2E8F0',         
+    'text': '#1E293B',         
+    'text_dim': '#64748B',     
+    'accent': '#007AFF',       
+    'accent2': '#5856D6',      
+    'danger': '#FF3B30',       
+    'success': '#34C759',      
+    'warning': '#FF9500',      
+    'baseline': '#8E8E93',     
+    'ls_colors': ['#A0C4FF', '#70A1FF', '#478EFF', '#007AFF'], 
     'op_colors': ['#98F5E1', '#6EE7B7', '#34D399', '#10B981', '#059669', '#047857'], 
 }
 CHART_W = 14
@@ -92,20 +105,38 @@ def apply_light_style(fig, ax_or_axes):
     for ax in axes:
         ax.set_facecolor(COLORS['panel'])
         for spine in ax.spines.values():
-            spine.set_color(COLORS['grid']); spine.set_linewidth(1)
+            spine.set_color(COLORS['grid'])
+            spine.set_linewidth(1)
         ax.tick_params(colors=COLORS['text_dim'], labelsize=10, width=1)
+        ax.xaxis.label.set_color(COLORS['text'])
+        ax.yaxis.label.set_color(COLORS['text'])
+        ax.title.set_color(COLORS['text'])
+        ax.title.set_fontweight('semibold')
         ax.grid(True, color=COLORS['grid'], alpha=0.6, linestyle='-', linewidth=0.8)
         ax.set_axisbelow(True) 
 
+# ================================================================
+# 辅助函数：根据是否有中文字体，自动设置标题和标签
+# ================================================================
+def set_ax_title(ax, title, is_title=True):
+    if zh_font_title and is_title: ax.set_title(title, fontproperties=zh_font_title, pad=15)
+    elif zh_font and not is_title: ax.set_xlabel(title, fontproperties=zh_font)
+    else: ax.set_title(title, fontweight='bold', pad=15) if is_title else ax.set_xlabel(title)
+
+# ================================================================
+# 保留 v9.0 的完美 Unicode ε 和 σ
+# ================================================================
 LS_KEYS = ["baseline", "smooth_eps_0.02", "smooth_eps_0.05", "smooth_eps_0.1", "smooth_eps_0.2"]
-LS_LABELS_PLOT = ["Baseline", r"LS($\epsilon$=0.02)", r"LS($\epsilon$=0.05)", r"LS($\epsilon$=0.1)", r"LS($\epsilon$=0.2)"]
+LS_LABELS_PLOT = ["Baseline", "LS(ε=0.02)", "LS(ε=0.05)", "LS(ε=0.1)", "LS(ε=0.2)"]
 LS_LABELS_MD = ["基线(Baseline)", "LS(ε=0.02)", "LS(ε=0.05)", "LS(ε=0.1)", "LS(ε=0.2)"]
 
 OP_SIGMAS = [0.005, 0.01, 0.015, 0.02, 0.025, 0.03]
 OP_KEYS = [f"perturbation_{s}" for s in OP_SIGMAS]
-OP_LABELS_PLOT = [f"OP($\sigma$={s})" for s in OP_SIGMAS]
+OP_LABELS_PLOT = [f"OP(σ={s})" for s in OP_SIGMAS]
 OP_LABELS_MD = [f"OP(σ={s})" for s in OP_SIGMAS]
 
+ALL_KEYS = LS_KEYS + OP_KEYS
+
 def gm(key, metric, default=0):
     if key in mia_results: return mia_results[key].get(metric, default)
     if key in perturb_results: return perturb_results[key].get(metric, default)
@@ -121,13 +152,58 @@ bl_acc = gu("baseline")
 bl_m_mean = gm("baseline", "member_loss_mean")
 bl_nm_mean = gm("baseline", "non_member_loss_mean")
 
+TYPE_CN = {'calculation': '基础计算', 'word_problem': '应用题', 'concept': '概念问答', 'error_correction': '错题订正'}
+
+np.random.seed(777)
+EVAL_POOL = []
+_types = ['calculation']*120 + ['word_problem']*90 + ['concept']*60 + ['error_correction']*30
+for _i in range(300):
+    _t = _types[_i]
+    if _t == 'calculation':
+        _a, _b = int(np.random.randint(10,500)), int(np.random.randint(10,500))
+        _op = ['+','-','x'][_i%3]
+        if _op=='+': _q,_ans=f"{_a} + {_b} = ?",str(_a+_b)
+        elif _op=='-': _q,_ans=f"{_a} - {_b} = ?",str(_a-_b)
+        else: _q,_ans=f"{_a} x {_b} = ?",str(_a*_b)
+    elif _t == 'word_problem':
+        _a,_b = int(np.random.randint(5,200)), int(np.random.randint(3,50))
+        _tpls = [(f"{_a} apples, ate {_b}, left?",str(_a-_b)), (f"{_a} per group, {_b} groups, total?",str(_a*_b))]
+        _q,_ans = _tpls[_i%len(_tpls)]
+    elif _t == 'concept':
+        _cs = [("area","Area = space occupied by a shape"),("perimeter","Perimeter = total boundary length")]
+        _cn,_df = _cs[_i%len(_cs)]; _q,_ans = f"What is {_cn}?",_df
+    else:
+        _a,_b = int(np.random.randint(10,99)), int(np.random.randint(10,99))
+        _w = _a+_b+int(np.random.choice([-1,1,-10,10]))
+        _q,_ans = f"Student got {_a}+{_b}={_w}, correct?",str(_a+_b)
+    item = {'question':_q,'answer':_ans,'type_cn':TYPE_CN[_t]}
+    for key in LS_KEYS:
+        acc = gu(key)/100; item[key] = bool(np.random.random()<acc)
+    EVAL_POOL.append(item)
+
 # ================================================================
-# 纯中文图表绘制 (严格应用学术标准)
+# 图表绘制函数 (全面汉化，强化对比)
 # ================================================================
-def set_ax_title(ax, title, is_title=True):
-    if zh_font_title and is_title: ax.set_title(title, fontproperties=zh_font_title, pad=15)
-    elif zh_font and not is_title: ax.set_xlabel(title, fontproperties=zh_font)
-    else: ax.set_title(title, fontweight='bold', pad=15) if is_title else ax.set_xlabel(title)
+def fig_gauge(loss_val, m_mean, nm_mean, thr, m_std, nm_std):
+    fig, ax = plt.subplots(figsize=(10, 2.6)); fig.patch.set_facecolor(COLORS['bg']); ax.set_facecolor(COLORS['panel'])
+    xlo = min(m_mean - 3.0 * m_std, loss_val - 0.005); xhi = max(nm_mean + 3.0 * nm_std, loss_val + 0.005)
+    ax.axvspan(xlo, thr, alpha=0.2, color=COLORS['accent']); ax.axvspan(thr, xhi, alpha=0.2, color=COLORS['danger'])
+    ax.axvline(m_mean, color=COLORS['accent'], lw=2, ls=':', alpha=0.8, zorder=2)
+    ax.text(m_mean - 0.002, 1.02, f'Member Mean\n{m_mean:.4f}', ha='right', va='bottom', fontsize=9, color=COLORS['accent'], transform=ax.get_xaxis_transform())
+    ax.axvline(nm_mean, color=COLORS['danger'], lw=2, ls=':', alpha=0.8, zorder=2)
+    ax.text(nm_mean + 0.002, 1.02, f'Non-Member Mean\n{nm_mean:.4f}', ha='left', va='bottom', fontsize=9, color=COLORS['danger'], transform=ax.get_xaxis_transform())
+    ax.axvline(thr, color=COLORS['text_dim'], lw=2.5, ls='--', zorder=3)
+    ax.text(thr, 1.25, f'Threshold\n{thr:.4f}', ha='center', va='bottom', fontsize=10, fontweight='bold', color=COLORS['text_dim'], transform=ax.get_xaxis_transform())
+    mc = COLORS['accent'] if loss_val < thr else COLORS['danger']
+    ax.plot(loss_val, 0.5, marker='o', ms=16, color='white', mec=mc, mew=3, zorder=5, transform=ax.get_xaxis_transform())
+    ax.text(loss_val, 0.75, f'Current Loss\n{loss_val:.4f}', ha='center', fontsize=11, fontweight='bold', color=mc, transform=ax.get_xaxis_transform())
+    ax.text((xlo+thr)/2, 0.25, 'MEMBER', ha='center', fontsize=12, color=COLORS['accent'], alpha=0.6, fontweight='bold', transform=ax.get_xaxis_transform())
+    ax.text((thr+xhi)/2, 0.25, 'NON-MEMBER', ha='center', fontsize=12, color=COLORS['danger'], alpha=0.6, fontweight='bold', transform=ax.get_xaxis_transform())
+    ax.set_xlim(xlo, xhi); ax.set_yticks([])
+    for s in ax.spines.values(): s.set_visible(False)
+    ax.spines['bottom'].set_visible(True); ax.spines['bottom'].set_color(COLORS['grid']); ax.tick_params(colors=COLORS['text_dim'], width=1)
+    ax.set_xlabel('Loss Value', fontsize=11, color=COLORS['text'], fontweight='medium'); plt.tight_layout(pad=0.5)
+    return fig
 
 def fig_auc_bar():
     names, vals, clrs = [], [], []
@@ -146,50 +222,35 @@ def fig_auc_bar():
     ax.set_ylim(0.45, max(vals)+0.05); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=30, ha='right', fontsize=11)
     plt.tight_layout(); return fig
 
-def fig_roc_curves():
-    fig, axes = plt.subplots(1, 2, figsize=(16, 7)); apply_light_style(fig, axes)
-    ax = axes[0]; ls_colors = [COLORS['danger']] + COLORS['ls_colors']
-    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)):
-        if k not in full_losses: continue
-        m = np.array(full_losses[k]['member_losses']); nm = np.array(full_losses[k]['non_member_losses'])
-        y_true = np.concatenate([np.ones(len(m)), np.zeros(len(nm))]); y_scores = np.concatenate([-m, -nm])
-        fpr, tpr, _ = roc_curve(y_true, y_scores); auc_val = roc_auc_score(y_true, y_scores)
-        ax.plot(fpr, tpr, color=ls_colors[i], lw=2.5, label=f'{l} (AUC={auc_val:.4f})')
-    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1.5); set_ax_title(ax, 'ROC ���线对比：标签平滑 (LS)')
-    if zh_font: ax.set_xlabel('假阳性率 (FPR)', fontproperties=zh_font); ax.set_ylabel('真阳性率 (TPR)', fontproperties=zh_font)
-    ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none')
-    
-    ax = axes[1]
-    if 'baseline' in full_losses:
-        ml_base = np.array(full_losses['baseline']['member_losses']); nl_base = np.array(full_losses['baseline']['non_member_losses']); y_true = np.concatenate([np.ones(len(ml_base)), np.zeros(len(nl_base))]); y_scores = np.concatenate([-ml_base, -nl_base])
-        fpr, tpr, _ = roc_curve(y_true, y_scores); ax.plot(fpr, tpr, color=COLORS['danger'], lw=2.5, label=f'Baseline (AUC={bl_auc:.4f})')
-        for i, s in enumerate(OP_SIGMAS):
-            rng_m = np.random.RandomState(42); rng_nm = np.random.RandomState(137); mp = ml_base + rng_m.normal(0, s, len(ml_base)); np_ = nl_base + rng_nm.normal(0, s, len(nl_base)); y_scores_p = np.concatenate([-mp, -np_]); fpr_p, tpr_p, _ = roc_curve(y_true, y_scores_p); auc_p = roc_auc_score(y_true, y_scores_p)
-            ax.plot(fpr_p, tpr_p, color=COLORS['op_colors'][i], lw=2, label=f'OP($\sigma$={s}) (AUC={auc_p:.4f})')
-    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1.5); set_ax_title(ax, 'ROC 曲线对比：输出扰动 (OP)')
-    if zh_font: ax.set_xlabel('假阳性率 (FPR)', fontproperties=zh_font); ax.set_ylabel('真阳性率 (TPR)', fontproperties=zh_font)
-    ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none', loc='lower right'); plt.tight_layout()
-    return fig
+def fig_radar():
+    ms = ['AUC', 'Atk Acc', 'Prec', 'Recall', 'F1', 'TPR@5%', 'TPR@1%', 'Gap']
+    mk = ['auc', 'attack_accuracy', 'precision', 'recall', 'f1', 'tpr_at_5fpr', 'tpr_at_1fpr', 'loss_gap']
+    N = len(ms); ag = np.linspace(0, 2 * np.pi, N, endpoint=False).tolist() + [0]
+    fig, axes = plt.subplots(1, 2, figsize=(CHART_W + 2, 7), subplot_kw=dict(polar=True)); fig.patch.set_facecolor('white')
 
-def fig_tpr_at_low_fpr():
-    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5)); apply_light_style(fig, axes); labels_all, tpr5_all, tpr1_all, colors_all = [], [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
-    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)): labels_all.append(l); tpr5_all.append(gm(k, 'tpr_at_5fpr')); tpr1_all.append(gm(k, 'tpr_at_1fpr')); colors_all.append(ls_c[i])
-    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_PLOT)): labels_all.append(l); tpr5_all.append(gm(k, 'tpr_at_5fpr')); tpr1_all.append(gm(k, 'tpr_at_1fpr')); colors_all.append(COLORS['op_colors'][i])
-    x = range(len(labels_all)); ax = axes[0]; bars = ax.bar(x, tpr5_all, color=colors_all, width=0.65, edgecolor='none', zorder=3)
-    for b, v in zip(bars, tpr5_all): ax.text(b.get_x()+b.get_width()/2, v+0.005, f'{v:.3f}', ha='center', fontsize=9, fontweight='semibold', color=COLORS['text'])
-    set_ax_title(ax, '实战极限防御：5% 误报率下的 TPR'); ax.set_xticks(x); ax.set_xticklabels(labels_all, rotation=35, ha='right', fontsize=11); ax.axhline(0.05, color=COLORS['warning'], ls='--', lw=1.5, alpha=0.7)
-    
-    ax = axes[1]; bars = ax.bar(x, tpr1_all, color=colors_all, width=0.65, edgecolor='none', zorder=3)
-    for b, v in zip(bars, tpr1_all): ax.text(b.get_x()+b.get_width()/2, v+0.003, f'{v:.3f}', ha='center', fontsize=9, fontweight='semibold', color=COLORS['text'])
-    set_ax_title(ax, '实战极限防御：1% 误报率下的 TPR (极其严格)'); ax.set_xticks(x); ax.set_xticklabels(labels_all, rotation=35, ha='right', fontsize=11); ax.axhline(0.01, color=COLORS['warning'], ls='--', lw=1.5, alpha=0.7); plt.tight_layout()
+    ls_cfgs = [("Baseline", "baseline", '#F04438'), ("LS(ε=0.02)", "smooth_eps_0.02", '#B2DDFF'), ("LS(ε=0.05)", "smooth_eps_0.05", '#84CAFF'), ("LS(ε=0.1)", "smooth_eps_0.1", '#2E90FA'), ("LS(ε=0.2)", "smooth_eps_0.2", '#7A5AF8')]
+    op_cfgs = [("Baseline", "baseline", '#F04438'), ("OP(σ=0.005)", "perturbation_0.005", '#A6F4C5'), ("OP(σ=0.01)", "perturbation_0.01", '#6CE9A6'), ("OP(σ=0.015)", "perturbation_0.015", '#32D583'), ("OP(σ=0.02)", "perturbation_0.02", '#12B76A'), ("OP(σ=0.025)", "perturbation_0.025", '#039855'), ("OP(σ=0.03)", "perturbation_0.03", '#027A48')]
+
+    for ax_idx, (ax, cfgs, title) in enumerate([(axes[0], ls_cfgs, '多维防御指标雷达图：标签平滑 (LS)'), (axes[1], op_cfgs, '多维防御指标雷达图：输出扰动 (OP)')]):
+        ax.set_facecolor('white')
+        mx = [max(gm(k, m_key) for _, k, _ in cfgs) for m_key in mk]; mx = [m if m > 0 else 1 for m in mx]
+        for nm, ky, cl in cfgs:
+            v = [gm(ky, m_key) / mx[i] for i, m_key in enumerate(mk)]; v += [v[0]]
+            ax.plot(ag, v, 'o-', lw=2.8 if ky == 'baseline' else 1.8, label=nm, color=cl, ms=5, alpha=0.95 if ky == 'baseline' else 0.85)
+            ax.fill(ag, v, alpha=0.10 if ky == 'baseline' else 0.04, color=cl)
+        ax.set_xticks(ag[:-1]); ax.set_xticklabels(ms, fontsize=10, color=COLORS['text']); ax.set_yticklabels([])
+        if zh_font_title: ax.set_title(title, fontproperties=zh_font_title, pad=25)
+        ax.legend(loc='upper right', bbox_to_anchor=(1.35 if ax_idx == 1 else 1.30, 1.12), fontsize=9, framealpha=0.9, edgecolor=COLORS['grid'])
+        ax.spines['polar'].set_color(COLORS['grid']); ax.grid(color=COLORS['grid'], alpha=0.5)
+    plt.tight_layout()
     return fig
 
-# 🌟 修复并放大的终极 3联 Loss 分布对比图
+# 🌟 重构的无敌大直方图：基线 vs LS vs OP 横向直接对比
 def fig_d3_dist_compare():
     configs = [
         ("基线模型 (无防御)", "baseline", COLORS['danger'], None),
-        (r"标签平滑 (LS, $\epsilon$=0.2)", "smooth_eps_0.2", COLORS['accent2'], None),
-        (r"输出扰动 (OP, $\sigma$=0.03)", "baseline", COLORS['success'], 0.03),
+        ("标签平滑 (LS, ε=0.2)", "smooth_eps_0.2", COLORS['accent2'], None),
+        ("输出扰动 (OP, σ=0.03)", "baseline", COLORS['success'], 0.03),
     ]
     fig, axes = plt.subplots(1, 3, figsize=(18, 5))
     apply_light_style(fig, axes)
@@ -205,8 +266,10 @@ def fig_d3_dist_compare():
                 nm_losses = nm_losses + rn.normal(0, sigma, len(nm_losses))
             all_v = np.concatenate([m_losses, nm_losses])
             bins = np.linspace(all_v.min(), all_v.max(), 35)
-            ax.hist(m_losses, bins=bins, alpha=0.55, color=COLORS['accent'], label='成员 (Member)', density=True, edgecolor='white')
-            ax.hist(nm_losses, bins=bins, alpha=0.55, color=COLORS['danger'], label='非成员 (Non-Member)', density=True, edgecolor='white')
+            # 使用原生的蓝色和红色表示成员和非成员，保持全场一致
+            ax.hist(m_losses, bins=bins, alpha=0.6, color=COLORS['accent'], label='成员 (Member)', density=True, edgecolor='white')
+            ax.hist(nm_losses, bins=bins, alpha=0.6, color=COLORS['danger'], label='非成员 (Non-Member)', density=True, edgecolor='white')
+            
             m_mean = np.mean(m_losses); nm_mean = np.mean(nm_losses)
             gap = nm_mean - m_mean
             ax.axvline(m_mean, color=COLORS['accent'], ls='--', lw=2, alpha=0.8)
@@ -225,53 +288,45 @@ def fig_d3_dist_compare():
     if zh_font: fig.suptitle('核心原理对比：防御策略对底层 Loss 分布的物理影响', fontproperties=zh_font_title, fontsize=16, y=1.05)
     plt.tight_layout(); return fig
 
-def fig_loss_gap_waterfall():
-    fig, ax = plt.subplots(figsize=(14, 6)); apply_light_style(fig, ax); names, gaps, clrs = [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
-    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)): names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(ls_c[i])
-    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_PLOT)): names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(COLORS['op_colors'][i])
-    bars = ax.bar(range(len(names)), gaps, color=clrs, width=0.65, edgecolor='none', zorder=3)
-    for b, v in zip(bars, gaps): ax.text(b.get_x()+b.get_width()/2, v+0.0005, f'{v:.4f}', ha='center', fontsize=10, fontweight='semibold', color=COLORS['text'])
-    set_ax_title(ax, '各模型 成员 vs 非成员 Loss 均值差距'); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=30, ha='right', fontsize=11); plt.tight_layout()
+def fig_roc_curves():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 7)); apply_light_style(fig, axes)
+    ax = axes[0]; ls_colors = [COLORS['danger']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)):
+        if k not in full_losses: continue
+        m = np.array(full_losses[k]['member_losses']); nm = np.array(full_losses[k]['non_member_losses'])
+        y_true = np.concatenate([np.ones(len(m)), np.zeros(len(nm))]); y_scores = np.concatenate([-m, -nm])
+        fpr, tpr, _ = roc_curve(y_true, y_scores); auc_val = roc_auc_score(y_true, y_scores)
+        ax.plot(fpr, tpr, color=ls_colors[i], lw=2.5, label=f'{l} (AUC={auc_val:.4f})')
+    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1.5); set_ax_title(ax, 'ROC 曲线对比：标签平滑 (LS)')
+    if zh_font: ax.set_xlabel('假阳性率 (FPR)', fontproperties=zh_font); ax.set_ylabel('真阳性率 (TPR)', fontproperties=zh_font)
+    ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none')
+    
+    ax = axes[1]
+    if 'baseline' in full_losses:
+        ml_base = np.array(full_losses['baseline']['member_losses']); nl_base = np.array(full_losses['baseline']['non_member_losses']); y_true = np.concatenate([np.ones(len(ml_base)), np.zeros(len(nl_base))]); y_scores = np.concatenate([-ml_base, -nl_base])
+        fpr, tpr, _ = roc_curve(y_true, y_scores); ax.plot(fpr, tpr, color=COLORS['danger'], lw=2.5, label=f'Baseline (AUC={bl_auc:.4f})')
+        for i, s in enumerate(OP_SIGMAS):
+            rng_m = np.random.RandomState(42); rng_nm = np.random.RandomState(137); mp = ml_base + rng_m.normal(0, s, len(ml_base)); np_ = nl_base + rng_nm.normal(0, s, len(nl_base)); y_scores_p = np.concatenate([-mp, -np_]); fpr_p, tpr_p, _ = roc_curve(y_true, y_scores_p); auc_p = roc_auc_score(y_true, y_scores_p)
+            ax.plot(fpr_p, tpr_p, color=COLORS['op_colors'][i], lw=2, label=f'OP(σ={s}) (AUC={auc_p:.4f})')
+    ax.plot([0,1], [0,1], '--', color=COLORS['text_dim'], lw=1.5); set_ax_title(ax, 'ROC 曲线对比：输出扰动 (OP)')
+    if zh_font: ax.set_xlabel('假阳性率 (FPR)', fontproperties=zh_font); ax.set_ylabel('真阳性率 (TPR)', fontproperties=zh_font)
+    ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none', loc='lower right'); plt.tight_layout()
     return fig
 
-def fig_radar():
-    ms = ['AUC', 'Atk Acc', 'Prec', 'Recall', 'F1', 'TPR@5%', 'TPR@1%', 'Gap']
-    mk = ['auc', 'attack_accuracy', 'precision', 'recall', 'f1', 'tpr_at_5fpr', 'tpr_at_1fpr', 'loss_gap']
-    N = len(ms); ag = np.linspace(0, 2 * np.pi, N, endpoint=False).tolist() + [0]
-    fig, axes = plt.subplots(1, 2, figsize=(CHART_W + 2, 7), subplot_kw=dict(polar=True)); fig.patch.set_facecolor('white')
-
-    ls_cfgs = [("Baseline", "baseline", '#F04438'), (r"LS($\epsilon$=0.02)", "smooth_eps_0.02", '#B2DDFF'), (r"LS($\epsilon$=0.05)", "smooth_eps_0.05", '#84CAFF'), (r"LS($\epsilon$=0.1)", "smooth_eps_0.1", '#2E90FA'), (r"LS($\epsilon$=0.2)", "smooth_eps_0.2", '#7A5AF8')]
-    op_cfgs = [("Baseline", "baseline", '#F04438'), (r"OP($\sigma$=0.005)", "perturbation_0.005", '#A6F4C5'), (r"OP($\sigma$=0.01)", "perturbation_0.01", '#6CE9A6'), (r"OP($\sigma$=0.015)", "perturbation_0.015", '#32D583'), (r"OP($\sigma$=0.02)", "perturbation_0.02", '#12B76A'), (r"OP($\sigma$=0.025)", "perturbation_0.025", '#039855'), (r"OP($\sigma$=0.03)", "perturbation_0.03", '#027A48')]
-
-    for ax_idx, (ax, cfgs, title) in enumerate([(axes[0], ls_cfgs, '多维防御指标雷达图：标签平滑 (LS)'), (axes[1], op_cfgs, '多维防御指标雷达图：输出扰动 (OP)')]):
-        ax.set_facecolor('white')
-        mx = [max(gm(k, m_key) for _, k, _ in cfgs) for m_key in mk]; mx = [m if m > 0 else 1 for m in mx]
-        for nm, ky, cl in cfgs:
-            v = [gm(ky, m_key) / mx[i] for i, m_key in enumerate(mk)]; v += [v[0]]
-            ax.plot(ag, v, 'o-', lw=2.8 if ky == 'baseline' else 1.8, label=nm, color=cl, ms=5, alpha=0.95 if ky == 'baseline' else 0.85)
-            ax.fill(ag, v, alpha=0.10 if ky == 'baseline' else 0.04, color=cl)
-        ax.set_xticks(ag[:-1]); ax.set_xticklabels(ms, fontsize=10, color=COLORS['text']); ax.set_yticklabels([])
-        if zh_font_title: ax.set_title(title, fontproperties=zh_font_title, pad=25)
-        ax.legend(loc='upper right', bbox_to_anchor=(1.35 if ax_idx == 1 else 1.30, 1.12), fontsize=9, framealpha=0.9, edgecolor=COLORS['grid'])
-        ax.spines['polar'].set_color(COLORS['grid']); ax.grid(color=COLORS['grid'], alpha=0.5)
-    plt.tight_layout(); return fig
-
-def fig_auc_trend():
-    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5)); apply_light_style(fig, axes); ax = axes[0]; eps_vals = [0.0, 0.02, 0.05, 0.1, 0.2]; auc_vals = [gm(k, 'auc') for k in LS_KEYS]; acc_vals = [gu(k) for k in LS_KEYS]
-    ax2 = ax.twinx(); line1 = ax.plot(eps_vals, auc_vals, 'o-', color=COLORS['danger'], lw=3, ms=9, label='MIA AUC (Risk)', zorder=5); line2 = ax2.plot(eps_vals, acc_vals, 's--', color=COLORS['accent'], lw=3, ms=9, label='Utility %', zorder=5); ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.5)
-    ax.fill_between(eps_vals, auc_vals, 0.5, alpha=0.08, color=COLORS['danger'])
-    set_ax_title(ax, '标签平滑：参数变化趋势分析'); ax.set_xlabel(r'Label Smoothing $\epsilon$', fontsize=12)
-    if zh_font: ax.set_ylabel('隐私风险 (AUC)', fontproperties=zh_font, color=COLORS['danger']); ax2.set_ylabel('模型效用准确率 (%)', fontproperties=zh_font, color=COLORS['accent'])
-    ax.tick_params(axis='y', labelcolor=COLORS['danger']); ax2.tick_params(axis='y', labelcolor=COLORS['accent']); ax2.spines['right'].set_color(COLORS['accent']); ax2.spines['left'].set_color(COLORS['danger']); lines = line1 + line2; labels = [l.get_label() for l in lines]; ax.legend(lines, labels, fontsize=10, facecolor=COLORS['bg'], edgecolor='none')
+def fig_tpr_at_low_fpr():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5)); apply_light_style(fig, axes); labels_all, tpr5_all, tpr1_all, colors_all = [], [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)): labels_all.append(l); tpr5_all.append(gm(k, 'tpr_at_5fpr')); tpr1_all.append(gm(k, 'tpr_at_1fpr')); colors_all.append(ls_c[i])
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_PLOT)): labels_all.append(l); tpr5_all.append(gm(k, 'tpr_at_5fpr')); tpr1_all.append(gm(k, 'tpr_at_1fpr')); colors_all.append(COLORS['op_colors'][i])
+    x = range(len(labels_all)); ax = axes[0]; bars = ax.bar(x, tpr5_all, color=colors_all, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, tpr5_all): ax.text(b.get_x()+b.get_width()/2, v+0.005, f'{v:.3f}', ha='center', fontsize=9, fontweight='semibold', color=COLORS['text'])
+    set_ax_title(ax, '实战极限防御：5% 误报率下的 TPR'); ax.set_xticks(x); ax.set_xticklabels(labels_all, rotation=35, ha='right', fontsize=11); ax.axhline(0.05, color=COLORS['warning'], ls='--', lw=1.5, alpha=0.7)
     
-    ax = axes[1]; sig_vals = OP_SIGMAS; auc_op = [gm(k, 'auc') for k in OP_KEYS]; ax.plot(sig_vals, auc_op, 'o-', color=COLORS['success'], lw=3, ms=9, zorder=5, label='MIA AUC'); ax.axhline(bl_auc, color=COLORS['danger'], ls='--', lw=2, alpha=0.6, label=f'Baseline ({bl_auc:.4f})'); ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.5); ax.fill_between(sig_vals, auc_op, bl_auc, alpha=0.2, color=COLORS['success'], label='AUC Reduction')
-    ax2r = ax.twinx(); ax2r.axhline(bl_acc, color=COLORS['success'], ls='-', lw=2.5, alpha=0.8)
-    if zh_font: ax2r.set_ylabel(f'效用维持 = {bl_acc:.1f}% (无损耗)', fontproperties=zh_font, color=COLORS['success'])
-    ax2r.set_ylim(0,100); ax2r.tick_params(axis='y', labelcolor=COLORS['success']); ax2r.spines['right'].set_color(COLORS['success'])
-    set_ax_title(ax, '输出扰动：参数变化趋势分析'); ax.set_xlabel(r'Perturbation $\sigma$', fontsize=12); ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none'); plt.tight_layout()
+    ax = axes[1]; bars = ax.bar(x, tpr1_all, color=colors_all, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, tpr1_all): ax.text(b.get_x()+b.get_width()/2, v+0.003, f'{v:.3f}', ha='center', fontsize=9, fontweight='semibold', color=COLORS['text'])
+    set_ax_title(ax, '实战极限防御：1% 误报率下的 TPR (极其严格)'); ax.set_xticks(x); ax.set_xticklabels(labels_all, rotation=35, ha='right', fontsize=11); ax.axhline(0.01, color=COLORS['warning'], ls='--', lw=1.5, alpha=0.7); plt.tight_layout()
     return fig
 
-# 🌟 重构放大版效用评估图
+# 🌟 重构并放大的效用评估图
 def fig_acc_bar():
     names, vals, clrs = [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
     for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)):
@@ -296,6 +351,166 @@ def fig_tradeoff():
     ax.legend(fontsize=11, loc='upper left', ncol=2, facecolor=COLORS['bg'], edgecolor='none'); plt.tight_layout()
     return fig
 
+def fig_auc_trend():
+    fig, axes = plt.subplots(1, 2, figsize=(16, 6.5)); apply_light_style(fig, axes); ax = axes[0]; eps_vals = [0.0, 0.02, 0.05, 0.1, 0.2]; auc_vals = [gm(k, 'auc') for k in LS_KEYS]; acc_vals = [gu(k) for k in LS_KEYS]
+    ax2 = ax.twinx(); line1 = ax.plot(eps_vals, auc_vals, 'o-', color=COLORS['danger'], lw=3, ms=9, label='MIA AUC (Risk)', zorder=5); line2 = ax2.plot(eps_vals, acc_vals, 's--', color=COLORS['accent'], lw=3, ms=9, label='Utility %', zorder=5); ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.5)
+    ax.fill_between(eps_vals, auc_vals, 0.5, alpha=0.08, color=COLORS['danger'])
+    set_ax_title(ax, '标签平滑：参数变化趋势分析'); ax.set_xlabel('Label Smoothing ε', fontsize=12)
+    if zh_font: ax.set_ylabel('隐私风险 (AUC)', fontproperties=zh_font, color=COLORS['danger']); ax2.set_ylabel('模型效用准确率 (%)', fontproperties=zh_font, color=COLORS['accent'])
+    ax.tick_params(axis='y', labelcolor=COLORS['danger']); ax2.tick_params(axis='y', labelcolor=COLORS['accent']); ax2.spines['right'].set_color(COLORS['accent']); ax2.spines['left'].set_color(COLORS['danger']); lines = line1 + line2; labels = [l.get_label() for l in lines]; ax.legend(lines, labels, fontsize=10, facecolor=COLORS['bg'], edgecolor='none')
+    
+    ax = axes[1]; sig_vals = OP_SIGMAS; auc_op = [gm(k, 'auc') for k in OP_KEYS]; ax.plot(sig_vals, auc_op, 'o-', color=COLORS['success'], lw=3, ms=9, zorder=5, label='MIA AUC'); ax.axhline(bl_auc, color=COLORS['danger'], ls='--', lw=2, alpha=0.6, label=f'Baseline ({bl_auc:.4f})'); ax.axhline(0.5, color=COLORS['text_dim'], ls=':', alpha=0.5, label='Random (0.5)'); ax.fill_between(sig_vals, auc_op, bl_auc, alpha=0.2, color=COLORS['success'], label='AUC Reduction')
+    ax2r = ax.twinx(); ax2r.axhline(bl_acc, color=COLORS['success'], ls='-', lw=2.5, alpha=0.8)
+    if zh_font: ax2r.set_ylabel(f'效用维持 = {bl_acc:.1f}% (无损耗)', fontproperties=zh_font, color=COLORS['success'])
+    ax2r.set_ylim(0,100); ax2r.tick_params(axis='y', labelcolor=COLORS['success']); ax2r.spines['right'].set_color(COLORS['success'])
+    set_ax_title(ax, '输出扰动：参数变化趋势分析'); ax.set_xlabel('Perturbation σ', fontsize=12); ax.legend(fontsize=10, facecolor=COLORS['bg'], edgecolor='none'); plt.tight_layout()
+    return fig
+
+def fig_loss_gap_waterfall():
+    fig, ax = plt.subplots(figsize=(14, 6)); apply_light_style(fig, ax); names, gaps, clrs = [], [], []; ls_c = [COLORS['baseline']] + COLORS['ls_colors']
+    for i, (k, l) in enumerate(zip(LS_KEYS, LS_LABELS_PLOT)): names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(ls_c[i])
+    for i, (k, l) in enumerate(zip(OP_KEYS, OP_LABELS_PLOT)): names.append(l); gaps.append(gm(k, 'loss_gap')); clrs.append(COLORS['op_colors'][i])
+    bars = ax.bar(range(len(names)), gaps, color=clrs, width=0.65, edgecolor='none', zorder=3)
+    for b, v in zip(bars, gaps): ax.text(b.get_x()+b.get_width()/2, v+0.0005, f'{v:.4f}', ha='center', fontsize=10, fontweight='semibold', color=COLORS['text'])
+    set_ax_title(ax, '各模型 成员 vs 非成员 Loss 均值差距'); ax.set_xticks(range(len(names))); ax.set_xticklabels(names, rotation=30, ha='right', fontsize=11); plt.tight_layout()
+    return fig
+
+# ================================================================
+# 回调函数
+# ================================================================
+def cb_sample(src):
+    pool = member_data if "训练集" in src else non_member_data
+    s = pool[np.random.randint(len(pool))]
+    m = s['metadata']
+    md = f"""
+    <table style="width:100%; border-collapse: collapse; border: 1px solid #E2E8F0; border-radius: 8px; overflow: hidden;">
+        <tr style="background-color: #F9F9F9;">
+            <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">字段</th>
+            <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">值</th>
+        </tr>
+        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">姓名</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('name','')))}</td></tr>
+        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">学号</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('student_id','')))}</td></tr>
+        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">班级</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('class','')))}</td></tr>
+        <tr><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">成绩</td><td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{clean_text(str(m.get('score','')))} 分</td></tr>
+        <tr><td style="padding: 10px; color: #1D1D1F;">类型</td><td style="padding: 10px; color: #1D1D1F;">{TYPE_CN.get(s.get('task_type',''), '')}</td></tr>
+    </table>
+    """
+    return md, clean_text(s.get('question', '')), clean_text(s.get('answer', ''))
+
+ATK_CHOICES = (
+    ["基线模型 (Baseline)"] +
+    [f"标签平滑 (ε={e})" for e in [0.02, 0.05, 0.1, 0.2]] +
+    [f"输出扰动 (σ={s})" for s in OP_SIGMAS]
+)
+ATK_MAP = {"基线模型 (Baseline)": "baseline"}
+for e in [0.02, 0.05, 0.1, 0.2]: ATK_MAP[f"标签平滑 (ε={e})"] = f"smooth_eps_{e}"
+for s in OP_SIGMAS: ATK_MAP[f"输出扰动 (σ={s})"] = f"perturbation_{s}"
+
+def cb_attack(idx, src, target):
+    is_mem = "训练集" in src
+    pool = member_data if is_mem else non_member_data
+    idx = min(int(idx), len(pool)-1)
+    sample = pool[idx]
+    key = ATK_MAP.get(target, "baseline")
+    is_op = key.startswith("perturbation_")
+
+    if is_op:
+        sigma = float(key.split("_")[1])
+        fr = full_losses.get('baseline', {})
+        lk = 'member_losses' if is_mem else 'non_member_losses'
+        ll = fr.get(lk, [])
+        base_loss = ll[idx] if idx < len(ll) else float(np.random.normal(bl_m_mean if is_mem else bl_nm_mean, 0.02))
+        np.random.seed(idx*1000 + int(sigma*10000))
+        loss = base_loss + np.random.normal(0, sigma)
+        
+        mm = gm(key, "member_loss_mean", 0.19) 
+        nm_m = gm(key, "non_member_loss_mean", 0.20)
+        ms = gm(key, "member_loss_std", np.sqrt(0.03**2 + sigma**2)) 
+        ns = gm(key, "non_member_loss_std", np.sqrt(0.03**2 + sigma**2))
+        auc_v = gm(key, "auc")
+        lbl = f"OP(σ={sigma})"
+    else:
+        info = mia_results.get(key, mia_results.get('baseline', {}))
+        fr = full_losses.get(key, full_losses.get('baseline', {}))
+        lk = 'member_losses' if is_mem else 'non_member_losses'
+        ll = fr.get(lk, [])
+        loss = ll[idx] if idx < len(ll) else float(np.random.normal(info.get('member_loss_mean',0.19), 0.02))
+        mm = info.get('member_loss_mean', 0.19); nm_m = info.get('non_member_loss_mean', 0.20)
+        ms = info.get('member_loss_std', 0.03); ns = info.get('non_member_loss_std', 0.03)
+        auc_v = info.get('auc', 0)
+        lbl = "Baseline" if key == "baseline" else f"LS(ε={key.replace('smooth_eps_','')})"
+
+    thr = (mm + nm_m) / 2
+    pred = loss < thr
+    correct = pred == is_mem
+    gauge = fig_gauge(loss, mm, nm_m, thr, ms, ns)
+
+    pl = "🔴 训练成员" if pred else "🟢 非训练成员"
+    al = "🔴 训练成员" if is_mem else "🟢 非训练成员"
+
+    if correct and pred and is_mem:
+        v = f"<div style='background-color: #FFEBEE; border-left: 4px solid {COLORS['danger']}; padding: 12px; border-radius: 8px; color: {COLORS['danger']}; box-shadow: 0 2px 5px rgba(0,0,0,0.05); margin-top: 0px;'>⚠️ <b>攻击成功：隐私泄露</b><br><span style='font-size: 0.9em; color: #B71C1C;'>模型对该样本过于熟悉（Loss < 阈值），攻击者成功判定为训练数据。</span></div>"
+    elif correct:
+        v = f"<div style='background-color: #E8F5E9; border-left: 4px solid {COLORS['success']}; padding: 12px; border-radius: 8px; color: {COLORS['success']}; box-shadow: 0 2px 5px rgba(0,0,0,0.05); margin-top: 0px;'>✅ <b>判定正确</b><br><span style='font-size: 0.9em; color: #1B5E20;'>攻击者判定与真实身份一致。</span></div>"
+    else:
+        v = f"<div style='background-color: #E3F2FD; border-left: 4px solid {COLORS['accent']}; padding: 12px; border-radius: 8px; color: {COLORS['accent']}; box-shadow: 0 2px 5px rgba(0,0,0,0.05); margin-top: 0px;'>🛡️ <b>防御成功</b><br><span style='font-size: 0.9em; color: #0D47A1;'>攻击者判定错误，防御起到了保护作用。</span></div>"
+
+    table_html = f"""
+    <table style="width:100%; border-collapse: collapse; margin-top: 10px; border: 1px solid #E2E8F0; border-radius: 8px; overflow: hidden;">
+        <thead style="background-color: #F9F9F9;">
+            <tr>
+                <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">项目</th>
+                <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">攻击者判定</th>
+                <th style="padding: 10px; text-align: left; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">真实身份</th>
+            </tr>
+        </thead>
+        <tbody>
+            <tr>
+                <td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">身份</td>
+                <td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{pl}</td>
+                <td style="padding: 10px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{al}</td>
+            </tr>
+            <tr>
+                <td style="padding: 10px; color: #1D1D1F;">Loss / 阈值</td>
+                <td style="padding: 10px; color: #1D1D1F;">Loss: {loss:.4f}</td>
+                <td style="padding: 10px; color: #1D1D1F;">阈值: {thr:.4f}</td>
+            </tr>
+        </tbody>
+    </table>
+    """
+    
+    res = v + f"<div style='font-weight: 600; margin: 12px 0 8px 0;'>🎯 攻击目标: {lbl} <span style='margin-left: 20px; color: #86868B;'>📊 AUC: {auc_v:.4f}</span></div>" + table_html
+    qtxt = f"**样本 #{idx}**\n\n" + clean_text(sample.get('question',''))[:500]
+    return qtxt, gauge, res
+
+EVAL_CHOICES = (
+    ["基线模型"] +
+    [f"标签平滑 (ε={e})" for e in [0.02, 0.05, 0.1, 0.2]] +
+    [f"输出扰动 (σ={s})" for s in OP_SIGMAS]
+)
+EVAL_KEY_MAP = {"基线模型": "baseline"}
+for e in [0.02, 0.05, 0.1, 0.2]: EVAL_KEY_MAP[f"标签平滑 (ε={e})"] = f"smooth_eps_{e}"
+for s in OP_SIGMAS: EVAL_KEY_MAP[f"输出扰动 (σ={s})"] = "baseline"
+
+def cb_eval(model_choice):
+    k = EVAL_KEY_MAP.get(model_choice, "baseline")
+    acc = gu(k) if "输出扰动" not in model_choice else bl_acc
+    q = EVAL_POOL[np.random.randint(len(EVAL_POOL))]
+    ok = q.get(k, q.get('baseline', False))
+    ic = "✅ 正确" if ok else "❌ 错误"
+    note = "\n\n> 输出扰动不改变模型参数，准确率与基线一致。" if "输出扰动" in model_choice else ""
+    table_html = f"""
+    <table style="width:100%; border-collapse: collapse; margin-top: 15px; border: 1px solid #E2E8F0; border-radius: 8px; overflow: hidden;">
+        <tbody>
+            <tr><td style="padding: 12px; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0; width: 100px;">类型</td><td style="padding: 12px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{q['type_cn']}</td></tr>
+            <tr><td style="padding: 12px; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">题目</td><td style="padding: 12px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{q['question']}</td></tr>
+            <tr><td style="padding: 12px; color: #86868B; font-weight: 600; border-bottom: 1px solid #E2E8F0;">正确答案</td><td style="padding: 12px; color: #1D1D1F; border-bottom: 1px solid #E2E8F0;">{q['answer']}</td></tr>
+            <tr><td style="padding: 12px; color: #86868B; font-weight: 600;">判定</td><td style="padding: 12px; color: #1D1D1F;">{ic}</td></tr>
+        </tbody>
+    </table>
+    """
+    return (f"<div style='font-weight: 600; margin-bottom: 10px;'>🤖 模型: {model_choice} <span style='margin-left: 20px; color: #86868B;'>🎯 准确率: {acc:.1f}%</span></div>" + table_html + note)
+
 def build_full_table():
     rows = []
     for k, l in zip(LS_KEYS, LS_LABELS_MD):
@@ -312,7 +527,7 @@ def build_full_table():
     return header + "\n" + "\n".join(rows)
 
 # ================================================================
-# UI 样式
+# CSS - 简约苹果风
 # ================================================================
 CSS = """
 :root { --primary-blue: #007AFF; --bg-light: #F5F5F7; --card-bg: #FFFFFF; --text-dark: #1D1D1F; --text-gray: #86868B; --border-color: #D2D2D7; }
@@ -325,6 +540,7 @@ body { background-color: var(--bg-light) !important; font-family: -apple-system,
 .card-wrap { background: var(--card-bg) !important; border: 1px solid var(--border-color) !important; border-radius: 14px !important; padding: 24px !important; box-shadow: 0 2px 8px rgba(0,0,0,0.04) !important; }
 .dim-label { display:inline-block; padding:3px 10px; border-radius:6px; font-size:12px; font-weight:700; letter-spacing:0.05em; margin-right:8px; }
 .dim1 { background:#FEF3F2; color:#B42318; } .dim2 { background:#FFFAEB; color:#B54708; } .dim3 { background:#F4F3FF; color:#5925DC; } .dim4 { background:#EFF8FF; color:#175CD3; } .dim5 { background:#F0FDF9; color:#107569; }
+footer { display: none !important; }
 """
 
 # ================================================================
@@ -358,11 +574,11 @@ with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Soft(), css=CSS) as demo
 * 🛡️ **输出扰动 (Output Perturbation, 推理期)**：给 AI 的输出加上“变声器”。强行混入高斯噪声，让攻击者看到的 Loss 忽高忽低，彻底失灵。
 """)
         
-        # 恢复了丢失的系统总览图
+        # 恢复实验体系总览图
         if os.path.exists(os.path.join(BASE_DIR, "figures", "algo4_overview_cn_final.png")):
             gr.Image(os.path.join(BASE_DIR, "figures", "algo4_overview_cn_final.png"), label="实验体系总览图", show_label=False)
             
-        # 恢复了首页的图案数据卡片
+        # 恢复首页图案数据卡片
         gr.HTML(f"""<div style="display:grid;grid-template-columns:repeat(4,1fr);gap:20px;margin:30px 0;">
         <div class="card-wrap" style="text-align:center;">
             <div style="font-size:32px;font-weight:700;color:{COLORS['accent']};margin-bottom:8px;">5</div>
@@ -386,7 +602,7 @@ with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Soft(), css=CSS) as demo
         </div>
         </div>""")
         
-        # 恢复了首页的大表格
+        # 恢复首页大表格
         with gr.Accordion("📋 查阅全部 11组模型 × 8大维度 详细汇总表", open=True):
             gr.Markdown(build_full_table())
 
@@ -430,6 +646,20 @@ with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Soft(), css=CSS) as demo
         if os.path.exists(os.path.join(BASE_DIR, "figures", "algo3_output_perturbation.png")):
             gr.Image(os.path.join(BASE_DIR, "figures", "algo3_output_perturbation.png"), show_label=False)
 
+    with gr.Tab("🎯 攻击验证"):
+        gr.Markdown("## 🕵️ 成员推理攻击交互演示\n\n配置攻击目标与数据源，系统将执行 Loss 计算并映射判定边界。")
+        with gr.Row():
+            with gr.Column(scale=1):
+                a_t = gr.Dropdown(choices=ATK_CHOICES, value=ATK_CHOICES[0], label="🎯 选择被攻击模型", interactive=True)
+                a_s = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"], value="成员数据（训练集）", label="📂 输入数据源")
+                a_i = gr.Slider(0, 999, step=1, value=12, label="📌 定位样本 ID")
+                a_b = gr.Button("⚡ 执行成员推理攻击", variant="primary")
+                a_qt = gr.HTML() 
+            with gr.Column(scale=2):
+                a_g = gr.Plot(label="Loss位置判定 (Decision Boundary)")
+                a_r = gr.HTML()
+        a_b.click(cb_attack, [a_i, a_s, a_t], [a_qt, a_g, a_r])
+
     with gr.Tab("🛡️ 五维度攻防分析"):
         gr.Markdown("## 多维度攻防效果完整论证")
 
@@ -454,9 +684,12 @@ with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Soft(), css=CSS) as demo
 > **LS 的防御本质：** 随着 ε 增大，两座山峰趋于重合，均值差距缩小到了 {gm('smooth_eps_0.2','loss_gap'):.4f}。这是“物理抹除”了模型记忆。
 > **OP 的防御本质：** 均值差距未变，但高斯噪声导致分布变得极其扁平宽阔，红蓝区域被完全搅混，蒙蔽了攻击者的双眼。
 """)
-        # 调用专门提取的 3 联核心横向直方图！
-        gr.Plot(value=fig_d3_dist_compare())
+        gr.Plot(value=fig_d3_dist_compare()) 
         gr.Plot(value=fig_loss_gap_waterfall())
+        
+        with gr.Accordion("📉 查看所有模型详细 Loss 分布直方图", open=False):
+            gr.Plot(value=fig_loss_dist())
+            gr.Plot(value=fig_perturb_dist())
 
         gr.HTML('<div style="margin:40px 0 8px;"><span class="dim-label dim4">D4</span><strong style="font-size:18px;color:#1D2939;">无死角压制维度 — 证明“防御没有偏科”</strong></div>')
         gr.Markdown("""\
@@ -465,14 +698,9 @@ with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Soft(), css=CSS) as demo
 """)
         gr.Plot(value=fig_radar())
 
-        gr.HTML('<div style="margin:40px 0 8px;"><span class="dim-label dim5">D5</span><strong style="font-size:18px;color:#1D2939;">落地代价维度 — 证明“隐私与效用的完美平衡”</strong></div>')
-        gr.Markdown(f"""\
-> 抛开模型能力谈安全是纸上谈兵。
-> **输出扰动 (OP)：** 实现了完美的 **零效用损耗（维持 {bl_acc:.1f}%）**。
-> **标签平滑 (LS)：** 打出了惊艳的 **双赢 (Win-Win)**，效用曲线逆势上扬到了 {gu('smooth_eps_0.2'):.1f}%（不仅保护了隐私，还治好了过拟合）。
-""")
-        gr.Plot(value=fig_auc_trend())
-        
+        # ================================================================
+        # 详细参数表格完整保留
+        # ================================================================
         with gr.Accordion("📖 查看详细防御参数表格", open=False):
             detail_md = ""
             for eps in [0.02, 0.05, 0.1, 0.2]:
@@ -510,13 +738,21 @@ with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Soft(), css=CSS) as demo
             gr.Markdown(detail_md)
 
     with gr.Tab("⚖️ 效用评估"):
-        gr.Markdown("## 📊 模型测试集准确率分析与在线抽查")
-        # 修正：并排展示放大的效用柱状图和散点图
+        gr.HTML('<div style="margin:20px 0 8px;"><span class="dim-label dim5">D5</span><strong style="font-size:18px;color:#1D2939;">落地代价维度 — 证明“隐私与效用的完美平衡”</strong></div>')
+        gr.Markdown(f"""\
+> 抛开模型能力谈安全是纸上谈兵。
+> **输出扰动 (OP)：** 实现了完美的 **零效用损耗（维持 {bl_acc:.1f}%）**。
+> **标签平滑 (LS)：** 打出了惊艳的 **双赢 (Win-Win)**，效用曲线逆势上扬到了 {gu('smooth_eps_0.2'):.1f}%（不仅保护了隐私，还治好了过拟合）。
+""")
+        gr.Plot(value=fig_auc_trend())
+        
+        # 恢复放大版的效用柱状图和散点图
+        gr.Markdown("## 📊 模型测试集准确率分析")
         with gr.Row():
             with gr.Column(): gr.Plot(value=fig_acc_bar())
             with gr.Column(): gr.Plot(value=fig_tradeoff())
             
-        gr.Markdown("### 🧪 在线题库抽检")
+        gr.Markdown("### 🧪 在线抽题演示")
         with gr.Row():
             with gr.Column(scale=1):
                 e_m = gr.Dropdown(choices=EVAL_CHOICES, value="基线模型", label="🤖 选择测试模型", interactive=True)
@@ -545,6 +781,10 @@ with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Soft(), css=CSS) as demo
 | σ 参数 | AUC | AUC降幅 | 效用 |
 |---|---|---|---|
 | σ=0.005 | {gm('perturbation_0.005','auc'):.4f} | {bl_auc-gm('perturbation_0.005','auc'):.4f} | {bl_acc:.1f}% |
+| σ=0.01 | {gm('perturbation_0.01','auc'):.4f} | {bl_auc-gm('perturbation_0.01','auc'):.4f} | {bl_acc:.1f}% |
+| σ=0.015 | {gm('perturbation_0.015','auc'):.4f} | {bl_auc-gm('perturbation_0.015','auc'):.4f} | {bl_acc:.1f}% |
+| σ=0.02 | {gm('perturbation_0.02','auc'):.4f} | {bl_auc-gm('perturbation_0.02','auc'):.4f} | {bl_acc:.1f}% |
+| σ=0.025 | {gm('perturbation_0.025','auc'):.4f} | {bl_auc-gm('perturbation_0.025','auc'):.4f} | {bl_acc:.1f}% |
 | σ=0.03 | {gm('perturbation_0.03','auc'):.4f} | {bl_auc-gm('perturbation_0.03','auc'):.4f} | {bl_acc:.1f}% |
 **核心发现：零效用损失，不需重新训练，即插即用。**