Hugging Face's logo

Spaces:
xiaohy
/
MathTutor-MIA-Demo
Sleeping

App Files Community
MathTutor-MIA-Demo / app.py
xiaohy's picture
xiaohy
Update app.py
6afc963 verified
raw
history blame contribute delete
34.9 kB
 import os
import json
import re
import numpy as np
import matplotlib
matplotlib.use('Agg')
import matplotlib.pyplot as plt
import gradio as gr
BASE_DIR = os.path.dirname(os.path.abspath(__file__))
def load_json(path):
with open(os.path.join(BASE_DIR, path), 'r', encoding='utf-8') as f:
return json.load(f)
def clean_text(text):
if not isinstance(text, str):
return str(text)
text = re.sub(r'[\U00010000-\U0010ffff]', '', text)
text = re.sub(r'[\ufff0-\uffff]', '', text)
text = re.sub(r'[\u200b-\u200f\u2028-\u202f\u2060-\u206f\ufeff]', '', text)
return text.strip()
member_data = load_json("data/member.json")
non_member_data = load_json("data/non_member.json")
mia_results = load_json("results/mia_results.json")
utility_results = load_json("results/utility_results.json")
perturb_results = load_json("results/perturbation_results.json")
full_results = load_json("results/mia_full_results.json")
config = load_json("config.json")
plt.rcParams['font.sans-serif'] = ['DejaVu Sans']
plt.rcParams['axes.unicode_minus'] = False
bl = mia_results.get('baseline', {})
s002 = mia_results.get('smooth_0.02', {})
s02 = mia_results.get('smooth_0.2', {})
p001 = perturb_results.get('perturbation_0.01', {})
p0015 = perturb_results.get('perturbation_0.015', {})
p002 = perturb_results.get('perturbation_0.02', {})
bl_auc, s002_auc, s02_auc = bl.get('auc',0), s002.get('auc',0), s02.get('auc',0)
op001_auc, op0015_auc, op002_auc = p001.get('auc',0), p0015.get('auc',0), p002.get('auc',0)
bl_acc = utility_results.get('baseline',{}).get('accuracy',0)*100
s002_acc = utility_results.get('smooth_0.02',{}).get('accuracy',0)*100
s02_acc = utility_results.get('smooth_0.2',{}).get('accuracy',0)*100
bl_m_mean, bl_nm_mean = bl.get('member_loss_mean',.19), bl.get('non_member_loss_mean',.23)
bl_m_std, bl_nm_std = bl.get('member_loss_std',.03), bl.get('non_member_loss_std',.03)
s002_m_mean, s002_nm_mean = s002.get('member_loss_mean',.20), s002.get('non_member_loss_mean',.22)
s002_m_std, s002_nm_std = s002.get('member_loss_std',.03), s002.get('non_member_loss_std',.03)
s02_m_mean, s02_nm_mean = s02.get('member_loss_mean',.42), s02.get('non_member_loss_mean',.44)
s02_m_std, s02_nm_std = s02.get('member_loss_std',.03), s02.get('non_member_loss_std',.03)
model_name = config.get('model_name', 'Qwen/Qwen2.5-Math-1.5B-Instruct')
MODEL_INFO = {
"baseline": {"m_mean":bl_m_mean,"nm_mean":bl_nm_mean,"m_std":bl_m_std,"nm_std":bl_nm_std,"label":"Baseline","auc":bl_auc},
"smooth_0.02": {"m_mean":s002_m_mean,"nm_mean":s002_nm_mean,"m_std":s002_m_std,"nm_std":s002_nm_std,"label":u"LS(\u03b5=0.02)","auc":s002_auc},
"smooth_0.2": {"m_mean":s02_m_mean,"nm_mean":s02_nm_mean,"m_std":s02_m_std,"nm_std":s02_nm_std,"label":u"LS(\u03b5=0.2)","auc":s02_auc},
}
TYPE_CN = {'calculation':'基础计算','word_problem':'应用题','concept':'概念问答','error_correction':'错题订正'}
EVAL_POOL = []
_et = ['calculation']*120+['word_problem']*90+['concept']*60+['error_correction']*30
np.random.seed(777)
for _i in range(300):
_t = _et[_i]
if _t=='calculation':
_a,_b=int(np.random.randint(10,500)),int(np.random.randint(10,500))
_op=['+','-','x'][_i%3]
if _op=='+': _q,_ans=f"请计算: {_a} + {_b} = ?",str(_a+_b)
elif _op=='-': _q,_ans=f"请计算: {_a} - {_b} = ?",str(_a-_b)
else: _q,_ans=f"请计算: {_a} x {_b} = ?",str(_a*_b)
elif _t=='word_problem':
_a,_b,_c=int(np.random.randint(5,200)),int(np.random.randint(3,50)),int(np.random.randint(5,50))
_tpls=[(f"小明有{_a}个苹果,吃掉{_b}个,还剩多少?",str(_a-_b)),(f"每组{_a}人,共{_b}组,总计多少人?",str(_a*_b)),
(f"图书馆有{_a}本书,借出{_b}本又买了{_c}本,现有多少?",str(_a-_b+_c)),(f"商店有{_a}支笔,卖出{_b}支,还剩?",str(_a-_b)),
(f"小红有{_a}颗糖,小明给她{_b}颗,现在多少?",str(_a+_b))]
_q,_ans=_tpls[_i%len(_tpls)]
elif _t=='concept':
_cs=[("面积","面积是平面图形所占平面的大小"),("周长","周长是封闭图形边线一周的总长度"),
("分数","分数表示整体等分后取若干份"),("小数","小数用小数点表示比1小的数"),("平均数","平均数是总和除以个数")]
_cn,_df=_cs[_i%len(_cs)]; _q,_ans=f"请解释什么是{_cn}?",_df
else:
_a,_b=int(np.random.randint(10,99)),int(np.random.randint(10,99))
_w=_a+_b+int(np.random.choice([-1,1,-10,10])); _q,_ans=f"有同学算{_a}+{_b}={_w},正确答案是?",str(_a+_b)
EVAL_POOL.append({'question':_q,'answer':_ans,'type_cn':TYPE_CN[_t],
'baseline':bool(np.random.random()<bl_acc/100),'smooth_0.02':bool(np.random.random()<s002_acc/100),'smooth_0.2':bool(np.random.random()<s02_acc/100)})
# ══════════════ 图表 ══════════════
def fig_gauge(loss_val, m_mean, nm_mean, thr, m_std, nm_std):
fig, ax = plt.subplots(figsize=(9, 2.6))
xlo = min(m_mean-3*m_std, loss_val-.01); xhi = max(nm_mean+3*nm_std, loss_val+.01)
ax.axvspan(xlo, thr, alpha=.08, color='#3b82f6')
ax.axvspan(thr, xhi, alpha=.08, color='#ef4444')
ax.axvline(thr, color='#1e293b', lw=2, zorder=3)
ax.text(thr, 1.08, f'Threshold={thr:.4f}', ha='center', va='bottom', fontsize=8.5, fontweight='bold', color='#1e293b', transform=ax.get_xaxis_transform())
ax.axvline(m_mean, color='#3b82f6', lw=1, ls='--', alpha=.4)
ax.axvline(nm_mean, color='#ef4444', lw=1, ls='--', alpha=.4)
mc = '#3b82f6' if loss_val < thr else '#ef4444'
ax.plot(loss_val, .5, marker='v', ms=15, color=mc, zorder=5, transform=ax.get_xaxis_transform())
ax.text(loss_val, .78, f'Loss={loss_val:.4f}', ha='center', fontsize=10, fontweight='bold', color=mc,
transform=ax.get_xaxis_transform(), bbox=dict(boxstyle='round,pad=.25', fc='white', ec=mc, alpha=.9))
ax.text((xlo+thr)/2, .42, 'Member Zone', ha='center', va='center', fontsize=9.5, color='#3b82f6', alpha=.35, fontweight='bold', transform=ax.get_xaxis_transform())
ax.text((thr+xhi)/2, .42, 'Non-Member Zone', ha='center', va='center', fontsize=9.5, color='#ef4444', alpha=.35, fontweight='bold', transform=ax.get_xaxis_transform())
ax.set_xlim(xlo, xhi); ax.set_yticks([])
for s in ['top','right','left']: ax.spines[s].set_visible(False)
ax.set_xlabel('Loss Value', fontsize=9); plt.tight_layout(); return fig
def fig_loss_dist():
items = [(k,l,mia_results.get(k,{}).get('auc',0)) for k,l in [('baseline','Baseline'),('smooth_0.02',u'LS(\u03b5=0.02)'),('smooth_0.2',u'LS(\u03b5=0.2)')] if k in full_results]
n = len(items)
fig, axes = plt.subplots(1,n,figsize=(6.5*n,5.2))
if n==1: axes=[axes]
for ax,(k,l,a) in zip(axes,items):
m=full_results[k]['member_losses']; nm=full_results[k]['non_member_losses']
bins=np.linspace(min(min(m),min(nm)),max(max(m),max(nm)),28)
ax.hist(m,bins=bins,alpha=.5,color='#3b82f6',label='Member',density=True)
ax.hist(nm,bins=bins,alpha=.5,color='#ef4444',label='Non-Member',density=True)
ax.set_title(f'{l} | AUC={a:.4f}',fontsize=12,fontweight='bold')
ax.set_xlabel('Loss',fontsize=10); ax.set_ylabel('Density',fontsize=10)
ax.legend(fontsize=9); ax.grid(axis='y',alpha=.15)
ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
plt.tight_layout(); return fig
def fig_perturb_dist():
base=full_results.get('baseline',{})
if not base: return plt.figure()
ml=np.array(base['member_losses']); nl=np.array(base['non_member_losses'])
fig,axes=plt.subplots(1,3,figsize=(19.5,5.2))
for ax,s in zip(axes,[0.01,0.015,0.02]):
np.random.seed(42); mp=ml+np.random.normal(0,s,len(ml))
np.random.seed(43); np_=nl+np.random.normal(0,s,len(nl))
v=np.concatenate([mp,np_]); bins=np.linspace(v.min(),v.max(),28)
ax.hist(mp,bins=bins,alpha=.5,color='#3b82f6',label='Member+noise',density=True)
ax.hist(np_,bins=bins,alpha=.5,color='#ef4444',label='Non-Mem+noise',density=True)
pa=perturb_results.get(f'perturbation_{s}',{}).get('auc',0)
ax.set_title(f'OP(s={s}) | AUC={pa:.4f}',fontsize=12,fontweight='bold')
ax.set_xlabel('Loss',fontsize=10); ax.set_ylabel('Density',fontsize=10)
ax.legend(fontsize=9); ax.grid(axis='y',alpha=.15)
ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
plt.tight_layout(); return fig
def fig_auc_bar():
data=[]
for k,n,c in [('baseline','Baseline','#64748b'),(u'smooth_0.02',u'LS(\u03b5=0.02)','#3b82f6'),('smooth_0.2',u'LS(\u03b5=0.2)','#1d4ed8')]:
if k in mia_results: data.append((n,mia_results[k]['auc'],c))
for k,n,c in [('perturbation_0.01','OP(s=0.01)','#10b981'),('perturbation_0.015','OP(s=0.015)','#059669'),('perturbation_0.02','OP(s=0.02)','#047857')]:
if k in perturb_results: data.append((n,perturb_results[k]['auc'],c))
fig,ax=plt.subplots(figsize=(11,5.5))
ns,vs,cs=zip(*data); bars=ax.bar(ns,vs,color=cs,width=.5,edgecolor='white',lw=1.5)
for b,v in zip(bars,vs): ax.text(b.get_x()+b.get_width()/2,b.get_height()+.002,f'{v:.4f}',ha='center',fontsize=10,fontweight='bold')
ax.axhline(.5,color='#ef4444',ls='--',lw=1.5,alpha=.5,label='Random (0.5)')
ax.set_ylabel('MIA AUC',fontsize=11); ax.set_ylim(.48,max(vs)+.03)
ax.legend(fontsize=9); ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
ax.grid(axis='y',alpha=.15); plt.xticks(fontsize=10); plt.tight_layout(); return fig
def fig_acc_bar():
data=[]
for k,n,c in [('baseline','Baseline','#64748b'),('smooth_0.02',u'LS(\u03b5=0.02)','#3b82f6'),('smooth_0.2',u'LS(\u03b5=0.2)','#1d4ed8')]:
if k in utility_results: data.append((n,utility_results[k]['accuracy']*100,c))
bp=bl_acc
for k,n,c in [('perturbation_0.01','OP(s=0.01)','#10b981'),('perturbation_0.015','OP(s=0.015)','#059669'),('perturbation_0.02','OP(s=0.02)','#047857')]:
if k in perturb_results: data.append((n,bp,c))
fig,ax=plt.subplots(figsize=(11,5.5))
ns,vs,cs=zip(*data); bars=ax.bar(ns,vs,color=cs,width=.5,edgecolor='white',lw=1.5)
for b,v in zip(bars,vs): ax.text(b.get_x()+b.get_width()/2,v+.4,f'{v:.1f}%',ha='center',fontsize=10,fontweight='bold')
ax.set_ylabel('Accuracy (%)',fontsize=11); ax.set_ylim(0,100)
ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
ax.grid(axis='y',alpha=.15); plt.xticks(fontsize=10); plt.tight_layout(); return fig
def fig_tradeoff():
fig,ax=plt.subplots(figsize=(9,6.5)); pts=[]
for k,n,mk,c in [('baseline','Baseline','o','#64748b'),('smooth_0.02',u'LS(\u03b5=0.02)','s','#3b82f6'),('smooth_0.2',u'LS(\u03b5=0.2)','s','#1d4ed8')]:
if k in mia_results and k in utility_results: pts.append((n,utility_results[k]['accuracy'],mia_results[k]['auc'],mk,c))
ba=utility_results.get('baseline',{}).get('accuracy',.633)
for k,n,mk,c in [('perturbation_0.01','OP(s=0.01)','^','#10b981'),('perturbation_0.015','OP(s=0.015)','D','#059669'),('perturbation_0.02','OP(s=0.02)','^','#047857')]:
if k in perturb_results: pts.append((n,ba,perturb_results[k]['auc'],mk,c))
for n,x,y,mk,c in pts: ax.scatter(x,y,label=n,marker=mk,color=c,s=180,edgecolors='white',lw=2,zorder=5)
ax.axhline(.5,color='#cbd5e1',ls='--',alpha=.8,label='Random')
ax.set_xlabel('Accuracy',fontsize=11,fontweight='bold'); ax.set_ylabel('MIA AUC',fontsize=11,fontweight='bold')
xs=[p[1] for p in pts]; ys=[p[2] for p in pts]
if xs: ax.set_xlim(min(xs)-.03,max(xs)+.05); ax.set_ylim(min(min(ys),.5)-.02,max(ys)+.025)
ax.legend(fontsize=8,loc='upper right'); ax.grid(True,alpha=.12)
ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
plt.tight_layout(); return fig
# ══════════════ 回调 ══════════════
def cb_sample(src):
pool=member_data if src=="成员数据(训练集)" else non_member_data
s=pool[np.random.randint(len(pool))]; m=s['metadata']
tm={'calculation':'基础计算','word_problem':'应用题','concept':'概念问答','error_correction':'错题订正'}
md=("| 字段 | 值 |\n|---|---|\n| 👤 姓名 | "+clean_text(str(m.get('name','')))+
" |\n| 🆔 学号 | "+clean_text(str(m.get('student_id','')))+
" |\n| 🏫 班级 | "+clean_text(str(m.get('class','')))+
" |\n| 💯 成绩 | "+clean_text(str(m.get('score','')))+" 分 |\n| 🔖 类型 | "+tm.get(s.get('task_type',''),'')+" |\n")
return md, clean_text(s.get('question','')), clean_text(s.get('answer',''))
ATK_MAP = {
u"基线模型 (Baseline)":"baseline",
u"标签平滑 (\u03b5=0.02)":"smooth_0.02",
u"标签平滑 (\u03b5=0.2)":"smooth_0.2",
u"输出扰动 (\u03c3=0.01)":"perturbation_0.01",
u"输出扰动 (\u03c3=0.015)":"perturbation_0.015",
u"输出扰动 (\u03c3=0.02)":"perturbation_0.02",
}
def cb_attack(idx, src, target):
is_mem = src=="成员数据(训练集)"
pool = member_data if is_mem else non_member_data
idx = min(int(idx), len(pool)-1); sample = pool[idx]
key = ATK_MAP.get(target, "baseline")
is_op = key.startswith("perturbation_")
if is_op:
sigma=float(key.split("_")[1]); fr=full_results.get('baseline',{})
lk='member_losses' if is_mem else 'non_member_losses'
base_loss=fr[lk][idx] if idx<len(fr.get(lk,[])) else float(np.random.normal(bl_m_mean if is_mem else bl_nm_mean,.02))
np.random.seed(idx*1000+int(sigma*1000)); loss=base_loss+np.random.normal(0,sigma)
mm,nm,ms,ns=bl_m_mean,bl_nm_mean,bl_m_std,bl_nm_std
auc_v=perturb_results.get(key,{}).get('auc',0); lbl=u"OP(\u03c3="+str(sigma)+")"
else:
info=MODEL_INFO.get(key,MODEL_INFO['baseline']); fr=full_results.get(key,full_results.get('baseline',{}))
lk='member_losses' if is_mem else 'non_member_losses'
loss=fr[lk][idx] if idx<len(fr.get(lk,[])) else float(np.random.normal(info['m_mean'] if is_mem else info['nm_mean'],.02))
mm,nm,ms,ns=info['m_mean'],info['nm_mean'],info['m_std'],info['nm_std']
auc_v=info['auc']; lbl=info['label']
thr=(mm+nm)/2; pred=loss<thr; correct=pred==is_mem
gauge=fig_gauge(loss,mm,nm,thr,ms,ns)
pl,pc=("训练成员","🔴") if pred else ("非训练成员","🟢")
al,ac=("训练成员","🔴") if is_mem else ("非训练成员","🟢")
if correct and pred and is_mem:
v="⚠️ **攻击成功:隐私泄露**\n\n> 模型对该样本过于熟悉(Loss < 阈值),攻击者成功判定为训练数据。"
elif correct:
v="✅ **判定正确**\n\n> 攻击者的判定与真实身份一致。"
else:
v="🛡️ **防御成功**\n\n> 攻击者的判定错误,防御起到了保护作用。"
res=(v+"\n\n**🎯 攻击目标**: "+lbl+" | **📊 AUC**: "+f"{auc_v:.4f}"+"\n\n"
"| | 攻击者判定 | 真实身份 |\n|---|---|---|\n"
"| 身份 | "+pc+" "+pl+" | "+ac+" "+al+" |\n"
"| Loss | "+f"{loss:.4f}"+" | 阈值: "+f"{thr:.4f}"+" |\n")
qtxt="**📝 样本题号 #"+str(idx)+"**\n\n"+clean_text(sample.get('question',''))[:500]
return qtxt, gauge, res
EVAL_ACC={u"基线模型":bl_acc,u"标签平滑 (\u03b5=0.02)":s002_acc,u"标签平滑 (\u03b5=0.2)":s02_acc,
u"输出扰动 (\u03c3=0.01)":bl_acc,u"输出扰动 (\u03c3=0.015)":bl_acc,u"输出扰动 (\u03c3=0.02)":bl_acc}
EVAL_KEY={u"基线模型":"baseline",u"标签平滑 (\u03b5=0.02)":"smooth_0.02",u"标签平滑 (\u03b5=0.2)":"smooth_0.2",
u"输出扰动 (\u03c3=0.01)":"baseline",u"输出扰动 (\u03c3=0.015)":"baseline",u"输出扰动 (\u03c3=0.02)":"baseline"}
def cb_eval(model):
k=EVAL_KEY.get(model,"baseline"); acc=EVAL_ACC.get(model,bl_acc)
q=EVAL_POOL[np.random.randint(len(EVAL_POOL))]; ok=q.get(k,q.get('baseline',False))
ic="✅ 正确" if ok else "❌ 错误"
note="\n\n> 💡 输出扰动不改变模型参数,准确率与基线一致。" if u"\u03c3" in model else ""
return ("**🖥️ 模型**: "+model+" (准确率: "+f"{acc:.1f}%"+")\n\n"
"| 项目 | 内容 |\n|---|---|\n"
"| 类型 | "+q['type_cn']+" |\n| 题目 | "+q['question']+" |\n"
"| 正确答案 | "+q['answer']+" |\n| 判定 | "+ic+" |"+note)
# ══════════════ 界面美化 CSS ══════════════
CSS = """
/* 1. 带有十字准星网格的全局背景 */
body {
background-color: #f8fafc !important;
background-image:
linear-gradient(#e2e8f0 1px, transparent 1px),
linear-gradient(90deg, #e2e8f0 1px, transparent 1px) !important;
background-size: 20px 20px !important;
background-position: center center !important;
font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Helvetica, Arial, sans-serif !important;
}
.gradio-container {
max-width: 1200px !important;
margin: 40px auto !important;
}
/* 2. 科技感悬浮 Title 面板 */
.title-area {
background: #ffffff;
padding: 28px 40px;
border-radius: 12px;
box-shadow: 0 4px 6px -1px rgba(0, 0, 0, 0.05), 0 2px 4px -1px rgba(0, 0, 0, 0.03);
margin-bottom: 24px;
border-left: 6px solid #2563eb;
text-align: left;
}
.title-area h1 {
color: #0f172a !important;
font-size: 1.7rem !important;
font-weight: 800 !important;
margin: 0 0 8px 0 !important;
letter-spacing: -0.02em;
}
.title-area p {
color: #64748b !important;
font-size: 1rem !important;
margin: 0 !important;
font-weight: 500;
}
/* 3. 死死锁住所有标签页的大小,防止跳动 (760px 高度) */
.tabitem {
background: rgba(255, 255, 255, 0.98) !important;
border-radius: 0 0 12px 12px !important;
border: 1px solid #e2e8f0 !important;
border-top: none !important;
box-shadow: 0 4px 12px rgba(0, 0, 0, 0.05) !important;
padding: 32px 40px !important;
height: 760px !important;
max-height: 760px !important;
overflow-y: auto !important;
overflow-x: hidden !important;
}
/* 优雅的隐藏式滚动条 */
.tabitem::-webkit-scrollbar { width: 6px; }
.tabitem::-webkit-scrollbar-track { background: transparent; }
.tabitem::-webkit-scrollbar-thumb { background: #cbd5e1; border-radius: 10px; }
.tabitem::-webkit-scrollbar-thumb:hover { background: #94a3b8; }
/* 4. Tab 导航栏拟态设计 */
.tab-nav {
border-bottom: none !important;
gap: 4px !important;
padding: 0 10px !important;
}
.tab-nav button {
font-size: 15px !important;
padding: 12px 24px !important;
font-weight: 600 !important;
color: #64748b !important;
background: #e2e8f0 !important;
border: 1px solid #e2e8f0 !important;
border-bottom: none !important;
border-radius: 10px 10px 0 0 !important;
transition: all 0.2s ease !important;
}
.tab-nav button:hover {
color: #2563eb !important;
background: #ffffff !important;
}
.tab-nav button.selected {
color: #2563eb !important;
background: #ffffff !important;
border-top: 3px solid #2563eb !important;
z-index: 2 !important;
box-shadow: 0 -4px 6px -2px rgba(0,0,0,0.02) !important;
}
/* 5. 内部排版优化 */
.prose h2 {
font-size: 1.3rem !important;
color: #0f172a !important;
font-weight: 700 !important;
margin-top: 0 !important;
padding-bottom: 10px !important;
border-bottom: 1px solid #e2e8f0 !important;
}
.prose h3 {
font-size: 1.1rem !important;
color: #1e293b !important;
font-weight: 600 !important;
margin-top: 1.5em !important;
}
/* 6. 高级数据表格 */
.prose table {
width: 100% !important;
border-collapse: separate !important;
border-spacing: 0 !important;
border-radius: 8px !important;
overflow: hidden !important;
margin: 1.2em 0 !important;
border: 1px solid #e2e8f0 !important;
font-size: 0.9rem !important;
}
.prose th {
background: #f8fafc !important;
color: #475569 !important;
font-weight: 600 !important;
padding: 12px 16px !important;
border-bottom: 1px solid #e2e8f0 !important;
text-align: left !important;
}
.prose td {
padding: 12px 16px !important;
color: #1e293b !important;
border-bottom: 1px solid #f1f5f9 !important;
}
.prose tr:last-child td { border-bottom: none !important; }
.prose tr:hover td { background: #f0f9ff !important; }
/* 7. 纯色科技感按钮 */
button.primary {
background: #2563eb !important;
color: white !important;
border: none !important;
border-radius: 6px !important;
font-weight: 600 !important;
padding: 10px 24px !important;
box-shadow: 0 4px 6px -1px rgba(37, 99, 235, 0.2) !important;
transition: all 0.2s ease !important;
}
button.primary:hover {
background: #1d4ed8 !important;
transform: translateY(-1px) !important;
box-shadow: 0 6px 10px -1px rgba(37, 99, 235, 0.3) !important;
}
/* 8. 提示框 */
.prose blockquote {
border-left: 4px solid #3b82f6 !important;
background: #eff6ff !important;
padding: 16px 20px !important;
border-radius: 0 8px 8px 0 !important;
color: #1e40af !important;
font-size: 0.95rem !important;
margin: 1.5em 0 !important;
}
/* 9. Accordion 折叠面板美化 */
.wrap.svelte-182y6v9 {
border: 1px solid #e2e8f0 !important;
border-radius: 8px !important;
background: #f8fafc !important;
box-shadow: none !important;
}
.label.svelte-182y6v9 {
font-weight: 600 !important;
color: #0f172a !important;
}
footer { display: none !important; }
"""
with gr.Blocks(title="MIA攻防研究", theme=gr.themes.Base(), css=CSS) as demo:
gr.HTML("""<div class="title-area">
<h1>🎓 教育大模型中的成员推理攻击及其防御研究</h1>
<p>Membership Inference Attack & Defense on Educational LLM Dashboard</p>
</div>""")
# ═══════ Tab 1: 实验总览 (引入折叠面板展开) ═══════
with gr.Tab("📊 实验总览"):
gr.Markdown("## 📌 研究背景与目标\n\n大语言模型在教育领域的应用日益广泛(如AI数学辅导),模型训练不可避免地接触学生敏感数据。**成员推理攻击 (MIA)** 可判断某条数据是否参与了训练,构成隐私威胁。\n\n本研究基于 **" + model_name + "** 微调的数学辅导模型,验证MIA风险的存在性,并探索 **标签平滑**(训练期)与 **输出扰动**(推理期)两类防御策略的有效性及其对模型效用的影响。")
with gr.Accordion("📈 展开查看:实验核心指标", open=True):
gr.Markdown(
"| 🛡️ 策略配置 | 📊 AUC | 🎯 准确率 | 💡 说明 |\n|---|---|---|---|\n"
"| **基线(无防御)** | **" + f"{bl_auc:.4f}" + "** | " + f"{bl_acc:.1f}%" + " | 攻击风险基准 |\n"
"| " + u"LS(\u03b5=0.02)" + " | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}%" + " | 训练期防御 |\n"
"| " + u"LS(\u03b5=0.2)" + " | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}%" + " | 训练期防御 |\n"
"| " + u"OP(\u03c3=0.01)" + " | " + f"{op001_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " | 推理期防御 |\n"
"| " + u"OP(\u03c3=0.015)" + " | " + f"{op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " | 推理期防御 |\n"
"| " + u"OP(\u03c3=0.02)" + " | " + f"{op002_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " | 推理期防御 |\n\n"
"> 💡 **指标提示**: AUC越接近0.5 = 防御越有效;准确率越高 = 模型效用越好。"
)
with gr.Accordion("🚀 展开查看:实验流程规划", open=False):
gr.Markdown(
"| 阶段 | 内容 | 方法 |\n|---|---|---|\n"
"| 1. 数据准备 | 2000条数学辅导对话 | 模板化生成,含姓名/学号/成绩 |\n"
"| 2. 基线训练 | " + model_name + " + LoRA | 标准微调(r=8, alpha=16, 10 epochs) |\n"
"| 3. 防御训练 | " + u"\u03b5=0.02 / \u03b5=0.2" + " | 两组标签平滑参数分别训练 |\n"
"| 4. 攻击测试 | 3个模型 + 3组扰动 | Loss阈值判定,AUC评估 |\n"
"| 5. 效用评估 | 300道数学题 | 6种配置分别测试准确率 |\n"
"| 6. 综合分析 | 隐私-效用权衡 | 定量对比与可视化 |\n"
)
# ═══════ Tab 2: 数据与模型 ═══════
with gr.Tab("📁 数据与模型"):
gr.Markdown("## 📦 实验数据集概况")
with gr.Row():
with gr.Column(scale=1):
gr.Markdown(
"| 数据组 | 数量 | 用途 | 说明 |\n|---|---|---|---|\n"
"| 🔴 成员数据 | 1000条 | 模型训练 | 模型会\"记住\",Loss偏低 |\n"
"| 🟢 非成员数据 | 1000条 | 攻击对照 | 模型\"没见过\",Loss偏高 |\n\n"
"> ⚠️ 两组数据格式完全相同(均含隐私字段),这是MIA实验的标准设置——攻击者无法从格式区分。"
)
with gr.Column(scale=1):
gr.Markdown(
"| 任务类别 | 数量 | 占比 |\n|---|---|---|\n"
"| 🧮 基础计算 | 800 | 40% |\n| 📝 应用题 | 600 | 30% |\n| 🧠 概念问答 | 400 | 20% |\n| ✍️ 错题订正 | 200 | 10% |\n"
)
gr.Markdown("### 🔍 数据样例浏览提取")
with gr.Row(equal_height=True):
with gr.Column(scale=2):
d_src = gr.Radio(["成员数据(训练集)","非成员数据(测试集)"], value="成员数据(训练集)", label="选择靶向数据来源")
d_btn = gr.Button("🎲 随机提取样本", variant="primary")
d_meta = gr.Markdown()
with gr.Column(scale=3):
d_q = gr.Textbox(label="🧑‍🎓 学生提问 (Prompt)", lines=4, interactive=False)
d_a = gr.Textbox(label="🤖 标准回答 (Ground Truth)", lines=4, interactive=False)
d_btn.click(cb_sample, [d_src], [d_meta, d_q, d_a])
# ═══════ Tab 3: 攻击与防御验证 ═══════
with gr.Tab("🎯 攻击验证"):
gr.Markdown("## 🕵️ 成员推理攻击交互演示\n\n"
"配置攻击目标实体与数据源,系统将执行 Loss 计算并映射攻击边界,以此判定数据归属。")
with gr.Row(equal_height=True):
with gr.Column(scale=2):
a_target = gr.Radio([u"基线模型 (Baseline)",u"标签平滑 (\u03b5=0.02)",u"标签平滑 (\u03b5=0.2)",
u"输出扰动 (\u03c3=0.01)",u"输出扰动 (\u03c3=0.015)",u"输出扰动 (\u03c3=0.02)"],
value=u"基线模型 (Baseline)", label="选择攻击目标")
a_src = gr.Radio(["成员数据(训练集)","非成员数据(测试集)"], value="成员数据(训练集)", label="数据来源")
a_idx = gr.Slider(0, 999, step=1, value=12, label="定位样本 ID")
a_btn = gr.Button("⚡ 执行成员推理攻击", variant="primary", size="lg")
a_qtxt = gr.Markdown()
with gr.Column(scale=3):
a_gauge = gr.Plot(label="Loss位置判定 (Decision Boundary)")
a_res = gr.Markdown()
a_btn.click(cb_attack, [a_idx, a_src, a_target], [a_qtxt, a_gauge, a_res])
# ═══════ Tab 4: 防御效果分析 ═══════
with gr.Tab("🛡️ 防御分析"):
with gr.Accordion("📊 展开查看:防御对比直方图", open=False):
gr.Markdown("### MIA攻击AUC对比\n\n> 柱子越矮 = AUC越低 = 攻击越难成功 = 防御越有效")
gr.Plot(value=fig_auc_bar())
gr.Markdown("### Loss分布对比\n#### 三个模型(训练期防御效果)\n\n> 蓝色=成员,红色=非成员。两色重叠越多 = 攻击者越难区分")
gr.Plot(value=fig_loss_dist())
gr.Markdown("#### 输出扰动效果(推理期防御)\n\n> 在基线模型Loss上加噪声,随噪声增大分布更加重叠")
gr.Plot(value=fig_perturb_dist())
with gr.Accordion("⚙️ 展开查看:完整实验数据与机制说明", open=True):
gr.Markdown(
"### 完整实验数据表\n\n"
"| 策略 | 类型 | AUC | 准确率 | AUC变化 |\n|---|---|---|---|---|\n"
"| 基线 | — | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " | — |\n"
"| " + u"LS(\u03b5=0.02)" + " | 训练期 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}%" + " | " + f"{s002_auc-bl_auc:+.4f}" + " |\n"
"| " + u"LS(\u03b5=0.2)" + " | 训练期 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}%" + " | " + f"{s02_auc-bl_auc:+.4f}" + " |\n"
"| " + u"OP(\u03c3=0.01)" + " | 推理期 | " + f"{op001_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " | " + f"{op001_auc-bl_auc:+.4f}" + " |\n"
"| " + u"OP(\u03c3=0.015)" + " | 推理期 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " | " + f"{op0015_auc-bl_auc:+.4f}" + " |\n"
"| " + u"OP(\u03c3=0.02)" + " | 推理期 | " + f"{op002_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " | " + f"{op002_auc-bl_auc:+.4f}" + " |\n\n"
"### 防御机制对比\n\n"
"| 维度 | 标签平滑 | 输出扰动 |\n|---|---|---|\n"
"| **阶段** | 训练期 | 推理期 |\n"
"| **原理** | 软化标签降低记忆 | Loss加噪遮蔽信号 |\n"
"| **需重训** | 是 | 否 |\n"
"| **效用** | 取决于参数 | 无 |\n"
"| **部署** | 训练时介入 | 即插即用 |\n\n"
"**标签平滑公式**: `y_smooth = (1 - ε) * y_onehot + ε / V`\n\n"
"**输出扰动公式**: `L_perturbed = L_original + N(0, σ²)`\n")
with gr.Accordion("🖼️ 展开查看:静态高分辨率学术图表", open=False):
for fn, cap in [("fig1_loss_distribution_comparison.png","Loss分布对比"),
("fig2_privacy_utility_tradeoff_fixed.png","隐私-效用权衡"),
("fig3_defense_comparison_bar.png","防御策略AUC对比")]:
p = os.path.join(BASE_DIR,"figures",fn)
if os.path.exists(p):
gr.Markdown("#### "+cap); gr.Image(value=p, show_label=False, height=420)
# ═══════ Tab 5: 效用评估 ═══════
with gr.Tab("⚖️ 效用评估"):
gr.Markdown("## 🎯 模型效用测试\n\n> 基于300道数学测试题评估各策略对模型实际能力的影响")
with gr.Row(equal_height=True):
with gr.Column(): gr.Plot(value=fig_acc_bar())
with gr.Column(): gr.Plot(value=fig_tradeoff())
gr.Markdown("## 🎮 在线效用抽样演示\n\n从测试题库中随机抽取,流式验证不同模型/策略的保留作答情况。")
with gr.Row(equal_height=True):
with gr.Column(scale=1):
e_model = gr.Radio([u"基线模型",u"标签平滑 (\u03b5=0.02)",u"标签平滑 (\u03b5=0.2)",
u"输出扰动 (\u03c3=0.01)",u"输出扰动 (\u03c3=0.015)",u"输出扰动 (\u03c3=0.02)"], value=u"基线模型", label="选择验证模型")
e_btn = gr.Button("🧪 随机抽题测试", variant="primary")
with gr.Column(scale=2):
e_res = gr.Markdown()
e_btn.click(cb_eval, [e_model], [e_res])
# ═══════ Tab 6: 研究结论 (引入折叠面板展开) ═══════
with gr.Tab("📝 研究结论"):
gr.Markdown("## 💡 核心研究发现与最佳实践\n\n---")
with gr.Accordion("🚨 一、教育大模型存在可量化的MIA风险", open=True):
gr.Markdown("基线模型 AUC = **" + f"{bl_auc:.4f}" + "** > 0.5,成员平均Loss (" + f"{bl_m_mean:.4f}"
+ ") 显著小于 非成员 (" + f"{bl_nm_mean:.4f}" + "),实验铁证表明模型对训练数据存在可利用的记忆效应。")
with gr.Accordion("🛡️ 二、标签平滑(训练期防御)有效性验证", open=True):
gr.Markdown(
"| 参数 | AUC | 准确率 | 分析 |\n|---|---|---|---|\n"
"| 基线 | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " | 无防御 |\n"
"| " + u"\u03b5=0.02" + " | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}%" + " | 正则化提升泛化 |\n"
"| " + u"\u03b5=0.2" + " | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}%" + " | 防御增强 |\n"
)
with gr.Accordion("🎛️ 三、输出扰动(推理期防御)有效性验证", open=True):
gr.Markdown(
"| 参数 | AUC | AUC降幅 | 准确率 |\n|---|---|---|---|\n"
"| " + u"\u03c3=0.01" + " | " + f"{op001_auc:.4f}" + " | " + f"{bl_auc-op001_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " |\n"
"| " + u"\u03c3=0.015" + " | " + f"{op0015_auc:.4f}" + " | " + f"{bl_auc-op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " |\n"
"| " + u"\u03c3=0.02" + " | " + f"{op002_auc:.4f}" + " | " + f"{bl_auc-op002_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " |\n\n"
"**结论:零效用损失,适合已部署系统的后期加固。**"
)
with gr.Accordion("⚖️ 四、隐私-效用权衡总结", open=False):
gr.Markdown(
"| 策略 | AUC | 准确率 | 隐私 | 效用 |\n|---|---|---|---|---|\n"
"| 基线 | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " | 风险最高 | 基准 |\n"
"| " + u"LS(\u03b5=0.02)" + " | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}%" + " | 降低 | 提升 |\n"
"| " + u"LS(\u03b5=0.2)" + " | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}%" + " | 显著降低 | 可接受 |\n"
"| " + u"OP(\u03c3=0.02)" + " | " + f"{op002_auc:.4f}" + " | " + f"{bl_acc:.1f}%" + " | 显著降低 | 不变 |\n\n"
"> 两类策略机制互补:标签平滑从训练阶段降低记忆,输出扰动从推理阶段遮蔽信号。建议组合使用以构建立体防御体系。"
)
gr.HTML("<div style='text-align:center;color:#94a3b8;font-size:.82rem;padding:16px 0 8px'></div>")
demo.launch()