Update app.py

app.py

@@ -48,17 +48,14 @@ bl_m_mean = mia_results.get('baseline', {}).get('member_loss_mean', 0.19)
 bl_nm_mean = mia_results.get('baseline', {}).get('non_member_loss_mean', 0.23)
 bl_m_std = mia_results.get('baseline', {}).get('member_loss_std', 0.03)
 bl_nm_std = mia_results.get('baseline', {}).get('non_member_loss_std', 0.03)
-
 s002_m_mean = mia_results.get('smooth_0.02', {}).get('member_loss_mean', 0.20)
 s002_nm_mean = mia_results.get('smooth_0.02', {}).get('non_member_loss_mean', 0.22)
 s002_m_std = mia_results.get('smooth_0.02', {}).get('member_loss_std', 0.03)
 s002_nm_std = mia_results.get('smooth_0.02', {}).get('non_member_loss_std', 0.03)
-
 s02_m_mean = mia_results.get('smooth_0.2', {}).get('member_loss_mean', 0.21)
 s02_nm_mean = mia_results.get('smooth_0.2', {}).get('non_member_loss_mean', 0.22)
 s02_m_std = mia_results.get('smooth_0.2', {}).get('member_loss_std', 0.03)
 s02_nm_std = mia_results.get('smooth_0.2', {}).get('non_member_loss_std', 0.03)
-
 model_name_str = config.get('model_name', 'Qwen/Qwen2.5-Math-1.5B-Instruct')
 data_size_str = str(config.get('data_size', 2000))
 
@@ -73,29 +70,8 @@ MODEL_PARAMS = {
 # Charts
 # ========================================
 
-def make_pie_chart():
-    tc = {}
-    for item in member_data + non_member_data:
-        t = item.get('task_type', 'unknown')
-        tc[t] = tc.get(t, 0) + 1
-    nm = {'calculation': 'Calculation\n(Ji Chu Ji Suan)', 'word_problem': 'Word Problem\n(Ying Yong Ti)',
-          'concept': 'Concept Q&A\n(Gai Nian Wen Da)', 'error_correction': 'Error Correction\n(Cuo Ti Ding Zheng)'}
-    labels = [nm.get(k, k) for k in tc]
-    sizes = list(tc.values())
-    colors = ['#5B8FF9', '#5AD8A6', '#F6BD16', '#E86452']
-    fig, ax = plt.subplots(figsize=(6.5, 5.5))
-    wedges, texts, autotexts = ax.pie(
-        sizes, labels=labels, autopct='%1.1f%%', colors=colors[:len(labels)],
-        startangle=90, textprops={'fontsize': 9},
-        wedgeprops={'edgecolor': 'white', 'linewidth': 2})
-    for t in autotexts:
-        t.set_fontsize(10)
-        t.set_fontweight('bold')
-    plt.tight_layout()
-    return fig
-
-
 def make_loss_distribution():
+    """3 model Loss distributions - larger size"""
     items = []
     for k, t in [('baseline', 'Baseline'), ('smooth_0.02', 'LS(e=0.02)'), ('smooth_0.2', 'LS(e=0.2)')]:
         if k in full_results:
@@ -106,26 +82,59 @@ def make_loss_distribution():
         fig, ax = plt.subplots()
         ax.text(0.5, 0.5, 'No data', ha='center')
         return fig
-    fig, axes = plt.subplots(1, n, figsize=(4.8 * n, 4.2))
+    fig, axes = plt.subplots(1, n, figsize=(6 * n, 5.5))
     if n == 1:
         axes = [axes]
     for ax, (k, title) in zip(axes, items):
         m = full_results[k]['member_losses']
         nm_l = full_results[k]['non_member_losses']
-        lo = min(min(m), min(nm_l))
-        hi = max(max(m), max(nm_l))
-        bins = np.linspace(lo, hi, 30)
+        bins = np.linspace(min(min(m), min(nm_l)), max(max(m), max(nm_l)), 30)
         ax.hist(m, bins=bins, alpha=0.55, color='#5B8FF9', label='Member', density=True)
         ax.hist(nm_l, bins=bins, alpha=0.55, color='#E86452', label='Non-Member', density=True)
-        ax.set_title(title, fontsize=10, fontweight='bold')
-        ax.set_xlabel('Loss', fontsize=8)
-        ax.set_ylabel('Density', fontsize=8)
-        ax.legend(fontsize=7, loc='upper right')
-        ax.tick_params(labelsize=7)
+        ax.set_title(title, fontsize=13, fontweight='bold')
+        ax.set_xlabel('Loss', fontsize=11)
+        ax.set_ylabel('Density', fontsize=11)
+        ax.legend(fontsize=10, loc='upper right')
+        ax.tick_params(labelsize=10)
+        ax.grid(True, linestyle='--', alpha=0.3)
+        ax.spines['top'].set_visible(False)
+        ax.spines['right'].set_visible(False)
+    plt.suptitle('Model Loss Distribution: Member vs Non-Member', fontsize=15, fontweight='bold', y=1.02)
+    plt.tight_layout()
+    return fig
+
+
+def make_perturb_loss_distribution():
+    """Output perturbation effect on baseline loss distribution"""
+    bl = full_results.get('baseline', {})
+    if not bl:
+        fig, ax = plt.subplots()
+        ax.text(0.5, 0.5, 'No data', ha='center')
+        return fig
+    m_losses = np.array(bl['member_losses'])
+    nm_losses = np.array(bl['non_member_losses'])
+    sigmas = [0.01, 0.015, 0.02]
+    fig, axes = plt.subplots(1, 3, figsize=(18, 5.5))
+    for ax, sigma in zip(axes, sigmas):
+        np.random.seed(42)
+        m_pert = m_losses + np.random.normal(0, sigma, len(m_losses))
+        nm_pert = nm_losses + np.random.normal(0, sigma, len(nm_losses))
+        all_vals = np.concatenate([m_pert, nm_pert])
+        bins = np.linspace(all_vals.min(), all_vals.max(), 30)
+        ax.hist(m_pert, bins=bins, alpha=0.55, color='#5B8FF9', label='Member (perturbed)', density=True)
+        ax.hist(nm_pert, bins=bins, alpha=0.55, color='#E86452', label='Non-Member (perturbed)', density=True)
+        pk = 'perturbation_' + str(sigma)
+        pauc = perturb_results.get(pk, {}).get('auc', 0)
+        ax.set_title(f'OP(s={sigma})\nAUC={pauc:.4f}', fontsize=13, fontweight='bold')
+        ax.set_xlabel('Loss', fontsize=11)
+        ax.set_ylabel('Density', fontsize=11)
+        ax.legend(fontsize=9, loc='upper right')
+        ax.tick_params(labelsize=10)
         ax.grid(True, linestyle='--', alpha=0.3)
         ax.spines['top'].set_visible(False)
         ax.spines['right'].set_visible(False)
-    plt.tight_layout(pad=1.5)
+    plt.suptitle('Output Perturbation: Loss Distribution After Adding Noise', fontsize=15, fontweight='bold', y=1.02)
+    plt.tight_layout()
     return fig
 
 
@@ -140,50 +149,50 @@ def make_auc_bar():
                         ('perturbation_0.02', 'OP(s=0.02)', '#1A7F5A')]:
         if k in perturb_results:
             methods.append(name); aucs.append(perturb_results[k]['auc']); colors.append(c)
-    fig, ax = plt.subplots(figsize=(9, 5))
+    fig, ax = plt.subplots(figsize=(12, 6))
     bars = ax.bar(methods, aucs, color=colors, width=0.5, edgecolor='white', linewidth=1.5)
     for bar, a in zip(bars, aucs):
         ax.text(bar.get_x() + bar.get_width()/2, bar.get_height() + 0.002,
-                f'{a:.4f}', ha='center', va='bottom', fontsize=9, fontweight='bold')
+                f'{a:.4f}', ha='center', va='bottom', fontsize=11, fontweight='bold')
     ax.axhline(y=0.5, color='#E86452', linestyle='--', linewidth=1.5, alpha=0.6, label='Random Guess (0.5)')
-    ax.set_ylabel('MIA AUC', fontsize=11)
+    ax.set_ylabel('MIA AUC', fontsize=12)
     ax.set_ylim(0.48, max(aucs) + 0.035 if aucs else 0.7)
-    ax.legend(fontsize=9)
+    ax.legend(fontsize=10)
     ax.grid(axis='y', linestyle='--', alpha=0.3)
     ax.spines['top'].set_visible(False)
     ax.spines['right'].set_visible(False)
-    plt.xticks(rotation=8, fontsize=9)
+    plt.xticks(fontsize=11)
     plt.tight_layout()
     return fig
 
 
 def make_tradeoff():
-    fig, ax = plt.subplots(figsize=(8, 6))
+    fig, ax = plt.subplots(figsize=(10, 7))
     pts = []
-    for k, name, mk, c, sz in [('baseline', 'Baseline', 'o', '#8C8C8C', 200),
-                                 ('smooth_0.02', 'LS(e=0.02)', 's', '#5B8FF9', 180),
-                                 ('smooth_0.2', 'LS(e=0.2)', 's', '#3D76DD', 180)]:
+    for k, name, mk, c, sz in [('baseline', 'Baseline', 'o', '#8C8C8C', 220),
+                                 ('smooth_0.02', 'LS(e=0.02)', 's', '#5B8FF9', 200),
+                                 ('smooth_0.2', 'LS(e=0.2)', 's', '#3D76DD', 200)]:
         if k in mia_results and k in utility_results:
             pts.append({'n': name, 'a': mia_results[k]['auc'], 'c': utility_results[k]['accuracy'],
                         'm': mk, 'co': c, 's': sz})
     ba = utility_results.get('baseline', {}).get('accuracy', 0.633)
-    for k, name, mk, c, sz in [('perturbation_0.01', 'OP(s=0.01)', '^', '#5AD8A6', 190),
-                                 ('perturbation_0.015', 'OP(s=0.015)', 'D', '#2EAD78', 150),
-                                 ('perturbation_0.02', 'OP(s=0.02)', '^', '#1A7F5A', 190)]:
+    for k, name, mk, c, sz in [('perturbation_0.01', 'OP(s=0.01)', '^', '#5AD8A6', 200),
+                                 ('perturbation_0.015', 'OP(s=0.015)', 'D', '#2EAD78', 160),
+                                 ('perturbation_0.02', 'OP(s=0.02)', '^', '#1A7F5A', 200)]:
         if k in perturb_results:
             pts.append({'n': name, 'a': perturb_results[k]['auc'], 'c': ba, 'm': mk, 'co': c, 's': sz})
     for p in pts:
         ax.scatter(p['c'], p['a'], label=p['n'], marker=p['m'], color=p['co'],
                    s=p['s'], edgecolors='white', linewidth=2, zorder=5)
     ax.axhline(y=0.5, color='#BFBFBF', linestyle='--', alpha=0.8, label='Random Guess')
-    ax.set_xlabel('Accuracy', fontsize=11, fontweight='bold')
-    ax.set_ylabel('MIA AUC (Privacy Risk)', fontsize=11, fontweight='bold')
-    ax.set_title('Privacy-Utility Trade-off', fontsize=13, fontweight='bold')
+    ax.set_xlabel('Accuracy', fontsize=12, fontweight='bold')
+    ax.set_ylabel('MIA AUC (Privacy Risk)', fontsize=12, fontweight='bold')
+    ax.set_title('Privacy-Utility Trade-off', fontsize=14, fontweight='bold')
     aa = [p['c'] for p in pts]; ab = [p['a'] for p in pts]
     if aa and ab:
         ax.set_xlim(min(aa)-0.03, max(aa)+0.05)
         ax.set_ylim(min(min(ab), 0.5)-0.02, max(ab)+0.025)
-    ax.legend(loc='upper right', fontsize=8, fancybox=True)
+    ax.legend(loc='upper right', fontsize=9, fancybox=True)
     ax.grid(True, alpha=0.2)
     ax.spines['top'].set_visible(False)
     ax.spines['right'].set_visible(False)
@@ -203,54 +212,54 @@ def make_accuracy_bar():
                         ('perturbation_0.02', 'OP(s=0.02)', '#1A7F5A')]:
         if k in perturb_results:
             names.append(name); accs.append(bp); colors.append(c)
-    fig, ax = plt.subplots(figsize=(9, 5))
+    fig, ax = plt.subplots(figsize=(12, 6))
     bars = ax.bar(names, accs, color=colors, width=0.5, edgecolor='white', linewidth=1.5)
     for bar, acc in zip(bars, accs):
         ax.text(bar.get_x()+bar.get_width()/2, bar.get_height()+0.5,
-                f'{acc:.1f}%', ha='center', va='bottom', fontsize=9, fontweight='bold')
-    ax.set_ylabel('Accuracy (%)', fontsize=11)
+                f'{acc:.1f}%', ha='center', va='bottom', fontsize=11, fontweight='bold')
+    ax.set_ylabel('Accuracy (%)', fontsize=12)
     ax.set_ylim(0, 100)
     ax.grid(axis='y', alpha=0.3)
     ax.spines['top'].set_visible(False)
     ax.spines['right'].set_visible(False)
-    plt.xticks(rotation=8, fontsize=9)
+    plt.xticks(fontsize=11)
     plt.tight_layout()
     return fig
 
 
 def make_loss_gauge(loss_val, m_mean, nm_mean, threshold, m_std, nm_std):
-    fig, ax = plt.subplots(figsize=(8, 2.8))
+    fig, ax = plt.subplots(figsize=(9, 3))
     x_min = min(m_mean - 3*m_std, loss_val - 0.01)
     x_max = max(nm_mean + 3*nm_std, loss_val + 0.01)
     ax.axvspan(x_min, threshold, alpha=0.12, color='#5B8FF9')
     ax.axvspan(threshold, x_max, alpha=0.12, color='#E86452')
     ax.axvline(x=threshold, color='#434343', linewidth=2, linestyle='-', zorder=3)
-    ax.text(threshold, 1.12, 'Threshold', ha='center', va='bottom', fontsize=9,
+    ax.text(threshold, 1.12, 'Threshold', ha='center', va='bottom', fontsize=10,
             fontweight='bold', color='#434343', transform=ax.get_xaxis_transform())
     ax.axvline(x=m_mean, color='#5B8FF9', linewidth=1.2, linestyle='--', alpha=0.6)
-    ax.text(m_mean, -0.28, f'Member\n({m_mean:.4f})', ha='center', va='top',
-            fontsize=7.5, color='#5B8FF9', transform=ax.get_xaxis_transform())
+    ax.text(m_mean, -0.3, f'Member\n({m_mean:.4f})', ha='center', va='top',
+            fontsize=8, color='#5B8FF9', transform=ax.get_xaxis_transform())
     ax.axvline(x=nm_mean, color='#E86452', linewidth=1.2, linestyle='--', alpha=0.6)
-    ax.text(nm_mean, -0.28, f'Non-Member\n({nm_mean:.4f})', ha='center', va='top',
-            fontsize=7.5, color='#E86452', transform=ax.get_xaxis_transform())
+    ax.text(nm_mean, -0.3, f'Non-Member\n({nm_mean:.4f})', ha='center', va='top',
+            fontsize=8, color='#E86452', transform=ax.get_xaxis_transform())
     in_member = loss_val < threshold
     mc = '#5B8FF9' if in_member else '#E86452'
     ax.plot(loss_val, 0.5, marker='v', markersize=16, color=mc, zorder=5,
             transform=ax.get_xaxis_transform())
-    ax.text(loss_val, 0.78, f'Loss={loss_val:.4f}', ha='center', va='bottom', fontsize=10,
+    ax.text(loss_val, 0.78, f'Loss={loss_val:.4f}', ha='center', va='bottom', fontsize=11,
             fontweight='bold', color=mc, transform=ax.get_xaxis_transform(),
             bbox=dict(boxstyle='round,pad=0.3', facecolor='white', edgecolor=mc, alpha=0.95))
     mc_x = (x_min + threshold) / 2
     nmc_x = (threshold + x_max) / 2
-    ax.text(mc_x, 0.5, 'Member Zone', ha='center', va='center', fontsize=10,
+    ax.text(mc_x, 0.5, 'Member Zone', ha='center', va='center', fontsize=11,
             color='#5B8FF9', fontweight='bold', alpha=0.5, transform=ax.get_xaxis_transform())
-    ax.text(nmc_x, 0.5, 'Non-Member Zone', ha='center', va='center', fontsize=10,
+    ax.text(nmc_x, 0.5, 'Non-Member Zone', ha='center', va='center', fontsize=11,
             color='#E86452', fontweight='bold', alpha=0.5, transform=ax.get_xaxis_transform())
     ax.set_xlim(x_min, x_max)
     ax.set_yticks([])
     for sp in ['top', 'right', 'left']:
         ax.spines[sp].set_visible(False)
-    ax.set_xlabel('Loss Value', fontsize=9)
+    ax.set_xlabel('Loss Value', fontsize=10)
     plt.tight_layout()
     return fig
 
@@ -279,35 +288,61 @@ MODEL_CHOICE_MAP = {
     "基线模型 (Baseline)": "baseline",
     "标签平滑模型 (e=0.02)": "smooth_0.02",
     "标签平滑模型 (e=0.2)": "smooth_0.2",
+    "输出扰动 (s=0.01)": "perturbation_0.01",
+    "输出扰动 (s=0.015)": "perturbation_0.015",
+    "输出扰动 (s=0.02)": "perturbation_0.02",
 }
 
 
 def run_mia_demo(sample_index, data_type, model_choice):
-    is_member = (data_type == "成员数据（训练集）")
+    is_member = (data_type == "成员数据��训练集）")
     data = member_data if is_member else non_member_data
     idx = min(int(sample_index), len(data) - 1)
     sample = data[idx]
 
     model_key = MODEL_CHOICE_MAP.get(model_choice, "baseline")
-    params = MODEL_PARAMS.get(model_key, MODEL_PARAMS["baseline"])
 
-    fr = full_results.get(model_key, full_results.get('baseline', {}))
-    if is_member and idx < len(fr.get('member_losses', [])):
-        loss = fr['member_losses'][idx]
-    elif not is_member and idx < len(fr.get('non_member_losses', [])):
-        loss = fr['non_member_losses'][idx]
+    # Determine which Loss data to use
+    is_perturb = model_key.startswith("perturbation_")
+    if is_perturb:
+        # Output perturbation: baseline loss + noise
+        sigma = float(model_key.split("_")[1])
+        base_fr = full_results.get('baseline', {})
+        if is_member and idx < len(base_fr.get('member_losses', [])):
+            base_loss = base_fr['member_losses'][idx]
+        elif not is_member and idx < len(base_fr.get('non_member_losses', [])):
+            base_loss = base_fr['non_member_losses'][idx]
+        else:
+            base_loss = float(np.random.normal(bl_m_mean if is_member else bl_nm_mean, 0.02))
+        np.random.seed(idx * 1000 + int(sigma * 1000))
+        loss = base_loss + np.random.normal(0, sigma)
+        m_mean = bl_m_mean
+        nm_mean = bl_nm_mean
+        m_std_v = bl_m_std
+        nm_std_v = bl_nm_std
+        model_auc = perturb_results.get(model_key, {}).get('auc', 0)
+        display_label = "OP(s=" + str(sigma) + ")"
     else:
-        loss = float(np.random.normal(params['m_mean'] if is_member else params['nm_mean'], 0.02))
+        params = MODEL_PARAMS.get(model_key, MODEL_PARAMS["baseline"])
+        fr = full_results.get(model_key, full_results.get('baseline', {}))
+        if is_member and idx < len(fr.get('member_losses', [])):
+            loss = fr['member_losses'][idx]
+        elif not is_member and idx < len(fr.get('non_member_losses', [])):
+            loss = fr['non_member_losses'][idx]
+        else:
+            loss = float(np.random.normal(params['m_mean'] if is_member else params['nm_mean'], 0.02))
+        m_mean = params['m_mean']
+        nm_mean = params['nm_mean']
+        m_std_v = params['m_std']
+        nm_std_v = params['nm_std']
+        model_auc = mia_results.get(model_key, {}).get('auc', 0)
+        display_label = params['label']
 
-    m_mean = params['m_mean']
-    nm_mean = params['nm_mean']
-    m_std = params['m_std']
-    nm_std = params['nm_std']
     threshold = (m_mean + nm_mean) / 2.0
     pred_member = (loss < threshold)
     attack_correct = (pred_member == is_member)
 
-    gauge_fig = make_loss_gauge(loss, m_mean, nm_mean, threshold, m_std, nm_std)
+    gauge_fig = make_loss_gauge(loss, m_mean, nm_mean, threshold, m_std_v, nm_std_v)
 
     pred_label = "训练成员" if pred_member else "非训练成员"
     pred_color = "🔴" if pred_member else "🟢"
@@ -324,10 +359,9 @@ def run_mia_demo(sample_index, data_type, model_choice):
         verdict = "❌ **攻击失误**"
         verdict_detail = "攻击者的判定与真实身份不符。"
 
-    model_auc = mia_results.get(model_key, {}).get('auc', 0)
     result_md = (
         verdict + "\n\n" + verdict_detail + "\n\n"
-        "**当前攻击模型**: " + params['label'] + " (AUC=" + f"{model_auc:.4f}" + ")\n\n"
+        "**当前攻击模型**: " + display_label + " (AUC=" + f"{model_auc:.4f}" + ")\n\n"
         "| | 攻击者计算得出 | 系统真实身份 |\n"
         "|---|---|---|\n"
         "| 判定 | " + pred_color + " " + pred_label + " | " + actual_color + " " + actual_label + " |\n"
@@ -349,28 +383,23 @@ body { background-color: #f0f4f8 !important; }
 }
 .tab-nav { border-bottom: 2px solid #e1e8f0 !important; margin-bottom: 20px !important; }
 .tab-nav button {
-    font-size: 15px !important; padding: 14px 24px !important; font-weight: 500 !important;
+    font-size: 15px !important; padding: 14px 22px !important; font-weight: 500 !important;
     color: #64748b !important; border-radius: 8px 8px 0 0 !important;
     transition: all 0.3s ease !important; background: transparent !important; border: none !important;
 }
-.tab-nav button:hover { color: #3b82f6 !important; background: rgba(59,130,246,0.05) !important; }
+.tab-nav button:hover { color: #3b82f6 !important; }
 .tab-nav button.selected { font-weight: 700 !important; color: #2563eb !important; border-bottom: 3px solid #2563eb !important; }
-.tabitem {
-    background: #fff !important; border-radius: 12px !important;
-    box-shadow: 0 4px 20px rgba(0,0,0,0.04) !important; padding: 30px !important; border: 1px solid #e2e8f0 !important;
-}
-.prose h1 { font-size: 2.2rem !important; color: #0f172a !important; font-weight: 800 !important; text-align: center !important; }
-.prose h2 { font-size: 1.4rem !important; color: #1e293b !important; margin-top: 1.5em !important; padding-bottom: 0.4em !important; border-bottom: 2px solid #f1f5f9 !important; font-weight: 700 !important; }
-.prose h3 { font-size: 1.15rem !important; color: #334155 !important; font-weight: 600 !important; }
-.prose table { width: 100% !important; border-collapse: separate !important; border-spacing: 0 !important; margin: 1.5em 0 !important; border-radius: 10px !important; overflow: hidden !important; box-shadow: 0 0 0 1px #e2e8f0, 0 4px 6px -1px rgba(0,0,0,0.05) !important; font-size: 0.92rem !important; }
-.prose th { background: #f8fafc !important; color: #475569 !important; font-weight: 600 !important; font-size: 0.85rem !important; letter-spacing: 0.05em !important; padding: 12px 14px !important; border-bottom: 2px solid #e2e8f0 !important; }
+.tabitem { background: #fff !important; border-radius: 12px !important; box-shadow: 0 4px 20px rgba(0,0,0,0.04) !important; padding: 30px !important; border: 1px solid #e2e8f0 !important; }
+.prose h1 { font-size: 2rem !important; color: #0f172a !important; font-weight: 800 !important; text-align: center !important; }
+.prose h2 { font-size: 1.35rem !important; color: #1e293b !important; margin-top: 1.5em !important; padding-bottom: 0.4em !important; border-bottom: 2px solid #f1f5f9 !important; font-weight: 700 !important; }
+.prose h3 { font-size: 1.1rem !important; color: #334155 !important; font-weight: 600 !important; }
+.prose table { width: 100% !important; border-collapse: separate !important; border-spacing: 0 !important; margin: 1.2em 0 !important; border-radius: 10px !important; overflow: hidden !important; box-shadow: 0 0 0 1px #e2e8f0, 0 4px 6px -1px rgba(0,0,0,0.05) !important; font-size: 0.9rem !important; }
+.prose th { background: #f8fafc !important; color: #475569 !important; font-weight: 600 !important; padding: 10px 14px !important; border-bottom: 2px solid #e2e8f0 !important; }
 .prose tr:nth-child(even) td { background: #f8fafc !important; }
-.prose td { padding: 10px 14px !important; color: #334155 !important; border-bottom: 1px solid #e2e8f0 !important; }
+.prose td { padding: 9px 14px !important; color: #334155 !important; border-bottom: 1px solid #e2e8f0 !important; }
 .prose tr:last-child td { border-bottom: none !important; }
-.prose tr:hover td { background-color: #f1f5f9 !important; }
-.prose blockquote { border-left: 4px solid #3b82f6 !important; background: linear-gradient(to right,#eff6ff,#fff) !important; padding: 14px 18px !important; border-radius: 0 8px 8px 0 !important; font-size: 0.93rem !important; color: #1e40af !important; margin: 1.5em 0 !important; }
+.prose blockquote { border-left: 4px solid #3b82f6 !important; background: linear-gradient(to right,#eff6ff,#fff) !important; padding: 14px 18px !important; border-radius: 0 8px 8px 0 !important; color: #1e40af !important; margin: 1.2em 0 !important; }
 button.primary { background: linear-gradient(135deg,#3b82f6 0%,#2563eb 100%) !important; border: none !important; box-shadow: 0 4px 12px rgba(37,99,235,0.25) !important; font-weight: 600 !important; }
-button.primary:hover { transform: translateY(-2px) !important; box-shadow: 0 6px 16px rgba(37,99,235,0.35) !important; }
 footer { display: none !important; }
 """
 
@@ -385,9 +414,8 @@ with gr.Blocks(title="教育大模型隐私攻防", theme=gr.themes.Soft(
     with gr.Tab("项目概览"):
         gr.Markdown(
             "## 研究背景\n\n"
-            "大语言模型在教育领域的应用日益广泛，模型训练不可避免地接触到学生敏感数据。"
-            "**成员推理攻击 (Membership Inference Attack, MIA)** 能够判断某条数据是否参与了模型训练，"
-            "从而推断学生的隐私信息，构成切实的隐私威胁。\n\n"
+            "大语言模型在教育领域广泛应用，训练过程中不可避免地接触到学生敏感数据。"
+            "**成员推理攻击 (MIA)** 能判断某条数据是否参与了模型训练，构成隐私威胁。\n\n"
             "---\n\n"
             "## 实验设计\n\n"
             "| 阶段 | 内容 | 方法 |\n"
@@ -395,10 +423,9 @@ with gr.Blocks(title="教育大模型隐私攻防", theme=gr.themes.Soft(
             "| 1. 数据准备 | 2000条小学数学辅导对话 | 模板化生成，含姓名/学号/成绩等隐私字段 |\n"
             "| 2. 基线模型训练 | Qwen2.5-Math-1.5B + LoRA | 标准微调，无任何防御措施 |\n"
             "| 3. 标签平滑模型训练 | 两组不同平滑系数 | e=0.02(温和) 与 e=0.2(强力) 分别训练 |\n"
-            "| 4. MIA攻击测试 | 对三个模型分别发起攻击 | 基于Loss阈值的成员推理，AUC评估 |\n"
-            "| 5. 输出扰动测试 | 在基线模型上添加噪声 | 高斯噪声 s=0.01/0.015/0.02 三组 |\n"
-            "| 6. 效用评估 | 300道数学测试题 | 三个模型分别测试准确率 |\n"
-            "| 7. 综合分析 | 隐私-效用权衡 | 散点图 + 定量对比 |\n\n"
+            "| 4. MIA攻击测试 | 对全部模型及策略发起攻击 | 三个模型的Loss-based攻击 + 三组输出扰动测试 |\n"
+            "| 5. 效用评估 | 300道数学测试题 | 三个模型分别测试准确率 |\n"
+            "| 6. 综合分析 | 隐私-效用权衡 | 散点图 + 定量对比 |\n\n"
             "---\n\n"
             "## 实验配置\n\n"
             "| 项目 | 值 |\n"
@@ -407,35 +434,42 @@ with gr.Blocks(title="教育大模型隐私攻防", theme=gr.themes.Soft(
             "| 微调方法 | LoRA (r=8, alpha=16, target: q/k/v/o_proj) |\n"
             "| 训练轮数 | 10 epochs |\n"
             "| 数据总量 | " + data_size_str + " 条 (成员1000 + 非成员1000) |\n"
-            "| 训练模型数 | 3个 (基线 + 标签平滑x2) |\n")
+            "| 训练模型数 | 3个 (基线 + 标签平滑x2) |\n"
+            "| 输出扰动测试 | 3组 (s=0.01/0.015/0.02，在基线模型上) |\n")
 
     with gr.Tab("数据展示"):
         gr.Markdown("## 数据集概况\n\n"
-                    "成员数据1000条（训练集）与非成员数据1000条（对照组），每条均包含学生隐私字段。\n")
+                    "成员数据1000条（训练集）与非成员数据1000条（对照组），每条均包含学生隐私字段。\n\n"
+                    "### 任务类型分布\n\n"
+                    "| 类型 | 数量 | 占比 | 说明 |\n"
+                    "|------|------|------|------|\n"
+                    "| 基础计算 | 800 | 40% | 加减乘除等基本运算 |\n"
+                    "| 应用题 | 600 | 30% | 实际场景的数学问题 |\n"
+                    "| 概念问答 | 400 | 20% | 数学概念理解 |\n"
+                    "| 错题订正 | 200 | 10% | 常见错误分析纠正 |\n")
         with gr.Row():
-            with gr.Column(scale=1):
-                gr.Plot(value=make_pie_chart())
             with gr.Column(scale=1):
                 gr.Markdown("**选择靶向数据池**")
                 data_sel = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"],
                                     value="成员数据（训练集）", label="")
                 sample_btn = gr.Button("随机提取", variant="primary")
                 sample_info = gr.Markdown()
-        gr.Markdown("---\n\n**原始对话内容**")
-        with gr.Row():
-            sample_q = gr.Textbox(label="学生提问 (Prompt)", lines=5, interactive=False)
-            sample_a = gr.Textbox(label="模型回答 (Ground Truth)", lines=5, interactive=False)
+            with gr.Column(scale=1):
+                gr.Markdown("**原始对话内容**")
+                sample_q = gr.Textbox(label="学生提问 (Prompt)", lines=5, interactive=False)
+                sample_a = gr.Textbox(label="模型回答 (Ground Truth)", lines=5, interactive=False)
         sample_btn.click(show_random_sample, [data_sel], [sample_info, sample_q, sample_a])
 
     with gr.Tab("MIA攻击演示"):
         gr.Markdown(
             "## 发起成员推理攻击\n\n"
-            "选择目标模型和数据来源，系统将计算该样本的Loss值并实施成员身份判定。\n")
+            "选择攻击目标（模型或防御策略），系统将计算该样本的Loss值并判定成员身份。\n")
         with gr.Row():
             with gr.Column(scale=1):
                 atk_model = gr.Radio(
-                    ["基线模型 (Baseline)", "标签平滑模型 (e=0.02)", "标签平滑模型 (e=0.2)"],
-                    value="基线模型 (Baseline)", label="选择攻击目标模型")
+                    ["基线模型 (Baseline)", "标签平滑模型 (e=0.02)", "标签平滑模型 (e=0.2)",
+                     "输出扰动 (s=0.01)", "输出扰动 (s=0.015)", "输出扰动 (s=0.02)"],
+                    value="基线模型 (Baseline)", label="选择攻击目标")
                 atk_type = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"],
                                     value="成员数据（训练集）", label="模拟真实数据来源")
                 atk_idx = gr.Slider(0, 999, step=1, value=0, label="样本游标 ID (0-999)")
@@ -450,19 +484,16 @@ with gr.Blocks(title="教育大模型隐私攻防", theme=gr.themes.Soft(
     with gr.Tab("防御对比"):
         gr.Markdown(
             "## 防御策略效果对比\n\n"
-            "本研究测试了两类防御策略，以下基于实验数据给出对比分析。\n\n"
             "| 策略 | 类型 | 原理 | 实验验证的优势 | 实验观察到的局限 |\n"
             "|------|------|------|---------------|----------------|\n"
-            "| 标签平滑 | 训练期 | 软化训练标签，抑制对训练数据的过度记忆 | e=0.02时AUC降至" + f"{s002_auc:.4f}" + "，准确率提升至" + f"{s002_acc:.1f}" + "% | 需要重新训练模型；e过大时可能影响效用 |\n"
-            "| 输出扰动 | 推理期 | 对模型输出Loss添加高斯噪声，模糊统计差异 | s=0.02时AUC降至" + f"{op002_auc:.4f}" + "，准确率完全不变 | 仅遮蔽Loss层面的统计信号，不改变模型本身的记忆特性 |\n")
-
-        with gr.Row():
-            with gr.Column():
-                gr.Markdown("### AUC对比（全部策略）")
-                gr.Plot(value=make_auc_bar())
-            with gr.Column():
-                gr.Markdown("### Loss分布对比（三个模型）")
-                gr.Plot(value=make_loss_distribution())
+            "| 标签平滑 | 训练期 | 软化训练标签，抑制过度记忆 | e=0.02时AUC降至" + f"{s002_auc:.4f}" + "，准确率" + f"{s002_acc:.1f}" + "% | 需重新训练；e过大时可能影响效用 |\n"
+            "| 输出扰动 | 推理期 | 对Loss添加高斯噪声 | s=0.02时AUC降至" + f"{op002_auc:.4f}" + "，准确率不变 | 仅遮蔽Loss统计信号，不改变模型记忆 |\n")
+        gr.Markdown("### AUC对比（全部策略）")
+        gr.Plot(value=make_auc_bar())
+        gr.Markdown("### Loss分布对比 - 三个模型（训练期防御效果）")
+        gr.Plot(value=make_loss_distribution())
+        gr.Markdown("### Loss分布对比 - 输出扰动（推理期防御效果）")
+        gr.Plot(value=make_perturb_loss_distribution())
 
         tbl = (
             "### 完整实验结果\n\n"
@@ -487,10 +518,9 @@ with gr.Blocks(title="教育大模型隐私攻防", theme=gr.themes.Soft(
         gr.Markdown(
             "## 一、标签平滑 (Label Smoothing)\n\n"
             "**类型**: 训��期防御\n\n"
-            "将训练标签从硬标签 (one-hot) 转换为软标签，降低模型对训练样本的过度拟合程度，"
-            "从而缩小成员与非成员之间的Loss分布差异。\n\n"
-            "$$y_{smooth} = (1 - \\varepsilon) \\cdot y_{onehot} + \\frac{\\varepsilon}{V}$$\n\n"
-            "其中 $\\varepsilon$ 为平滑系数，$V$ 为词汇表大小。\n\n"
+            "将训练标签从硬标签 (one-hot) 转换为软标签，降低模型对训练样本的过度拟合。\n\n"
+            "**公式**: y_smooth = (1 - e) * y_onehot + e / V\n\n"
+            "其中 e 为平滑系数，V 为词汇表大小。当 e=0 时退化为标准训练。\n\n"
             "| 参数 | AUC | 准确率 | 分析 |\n"
             "|------|-----|--------|------|\n"
             "| 基线 (e=0) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 无防御，攻击风险较高 |\n"
@@ -499,9 +529,9 @@ with gr.Blocks(title="教育大模型隐私攻防", theme=gr.themes.Soft(
             "---\n\n"
             "## 二、输出扰动 (Output Perturbation)\n\n"
             "**类型**: 推理期防御\n\n"
-            "在推理阶段对模型返回的Loss值注入高斯噪声，使攻击者难以从Loss的微小差异中区分成员与非成员。\n\n"
-            "$$\\mathcal{L}_{perturbed} = \\mathcal{L}_{original} + \\mathcal{N}(0, \\sigma^2)$$\n\n"
-            "其中 $\\sigma$ 为噪声标准差，控制扰动强度。\n\n"
+            "在推理阶段对模型返回的Loss值注入高斯噪声，使攻击者难以区分成员与非成员。\n\n"
+            "**公式**: L_perturbed = L_original + N(0, s^2)\n\n"
+            "其中 s 为噪声标准差，控制扰动强度。\n\n"
             "| 参数 | AUC | AUC降幅 | 准确率 |\n"
             "|------|-----|---------|--------|\n"
             "| 基线 (s=0) | " + f"{bl_auc:.4f}" + " | -- | " + f"{bl_acc:.1f}" + "% |\n"
@@ -515,14 +545,11 @@ with gr.Blocks(title="教育大模型隐私攻防", theme=gr.themes.Soft(
             "| 作用阶段 | 训练期 | 推理期 |\n"
             "| 是否需要重训 | 是 | 否 |\n"
             "| 对效用的影响 | 取决于平滑系数 | 无影响 |\n"
-            "| 防御原理 | 抑制过拟合，降低记忆 | 遮蔽Loss层面统计信号 |\n"
-            "| 部署难度 | 需训练阶段介入 | 推理阶段即插即用 |\n"
-            "| 可叠加使用 | 是 | 是 |\n")
+            "| 防御原理 | 抑制过拟合，降低记忆 | 遮蔽Loss统计信号 |\n"
+            "| 部署难度 | 需训练阶段介入 | 推理阶段即插即用 |\n")
 
     with gr.Tab("效用评估"):
-        gr.Markdown(
-            "## 效用评估\n\n"
-            "> 测试集: 300道数学题，覆盖基础计算、应用题、概念问答三类任务。\n")
+        gr.Markdown("## 效用评估\n\n> 测试集: 300道数学题\n")
         with gr.Row():
             with gr.Column():
                 gr.Markdown("### 准确率对比")
@@ -530,83 +557,60 @@ with gr.Blocks(title="教育大模型隐私攻防", theme=gr.themes.Soft(
             with gr.Column():
                 gr.Markdown("### 隐私-效用权衡")
                 gr.Plot(value=make_tradeoff())
-
         gr.Markdown(
             "### 效用分析\n\n"
             "| 策略 | 准确率 | AUC | 效用变化 | 分析 |\n"
             "|------|--------|-----|---------|------|\n"
-            "| 基线 | " + f"{bl_acc:.1f}" + "% | " + f"{bl_auc:.4f}" + " | -- | 效用基准，但隐私风险最高 |\n"
-            "| LS(e=0.02) | " + f"{s002_acc:.1f}" + "% | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc-bl_acc:+.1f}" + "pp | 适度正则化提升了泛化能力，准确率反而上升 |\n"
-            "| LS(e=0.2) | " + f"{s02_acc:.1f}" + "% | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc-bl_acc:+.1f}" + "pp | 强力平滑对效用有一定影响，但仍在可接受范围 |\n"
+            "| 基线 | " + f"{bl_acc:.1f}" + "% | " + f"{bl_auc:.4f}" + " | -- | 效用基准，隐私风险最高 |\n"
+            "| LS(e=0.02) | " + f"{s002_acc:.1f}" + "% | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc-bl_acc:+.1f}" + "pp | 适度正则化提升泛化，准确率上升 |\n"
+            "| LS(e=0.2) | " + f"{s02_acc:.1f}" + "% | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc-bl_acc:+.1f}" + "pp | 防御增强，效用仍可接受 |\n"
             "| OP(s=0.01) | " + f"{bl_acc:.1f}" + "% | " + f"{op001_auc:.4f}" + " | 0 | 零效用损失 |\n"
             "| OP(s=0.015) | " + f"{bl_acc:.1f}" + "% | " + f"{op0015_auc:.4f}" + " | 0 | 零效用损失 |\n"
             "| OP(s=0.02) | " + f"{bl_acc:.1f}" + "% | " + f"{op002_auc:.4f}" + " | 0 | 零效用损失 |\n\n"
-            "> **关键发现**: 标签平滑 e=0.02 不仅降低了隐私风险，还因正则化效应提升了模型的泛化能力。"
-            "输出扰动则在完全不影响效用的前提下实现了有效防御。"
-            "两类策略在效用维度上呈现互补特性：前者可能提升效用，后者保证效用不变。\n")
+            "> **关键发现**: 标签平滑 e=0.02 因正则化效应反而提升了泛化能力。"
+            "输出扰动在不影响效用的前提下实现了有效防御。两类策略在效用维度上呈现互补特性。\n")
 
     with gr.Tab("实验结果可视化"):
         gr.Markdown("## 实验核心图表")
-        for fn, cap in [("fig1_loss_distribution_comparison.png", "图1: 成员与非成员Loss分布对比 (Baseline vs Label Smoothing)"),
-                         ("fig2_privacy_utility_tradeoff_fixed.png", "图2: 隐私风险与模型效用权衡散点图"),
+        for fn, cap in [("fig1_loss_distribution_comparison.png", "图1: 成员与非成员Loss分布对比"),
+                         ("fig2_privacy_utility_tradeoff_fixed.png", "图2: 隐私风险与模型效用权衡分析"),
                          ("fig3_defense_comparison_bar.png", "图3: 各防御策略MIA攻击AUC对比")]:
             p = os.path.join(BASE_DIR, "figures", fn)
             if os.path.exists(p):
                 gr.Markdown("### " + cap)
-                gr.Image(value=p, show_label=False, height=400)
+                gr.Image(value=p, show_label=False, height=450)
                 gr.Markdown("---")
 
     with gr.Tab("研究结论"):
         gr.Markdown(
-            "## 研究结论\n\n"
-            "---\n\n"
+            "## 研究结论\n\n---\n\n"
             "### 一、教育大模型面临显著的成员推理攻击风险\n\n"
-            "实验结果表明，经LoRA微调的Qwen2.5-Math-1.5B教育辅导模型在面对基于Loss的成员推理攻击时，"
-            "AUC达到 **" + f"{bl_auc:.4f}" + "**，显著高于随机猜测基准 (0.5)。"
-            "成员数据的平均Loss (" + f"{bl_m_mean:.4f}" + ") 明显低于非成员数据 (" + f"{bl_nm_mean:.4f}" + ")，"
-            "表明模型对训练数据产生了可被利用的记忆效应。"
-            "在教育场景中，训练数据包含学生姓名、学号、学业成绩等敏感信息，"
-            "该攻击能力构成了切实的隐私威胁。\n\n"
-            "---\n\n"
-            "### 二、标签平滑作为训练期防御策略的有效性与局限性\n\n"
-            "标签平滑通过软化训练标签分布，抑制模型对训练样本的过度拟合，"
-            "缩小成员与非成员之间的Loss分布差异。实验观察到:\n\n"
-            "- **e=0.02** (温和平滑): AUC从 " + f"{bl_auc:.4f}" + " 降至 " + f"{s002_auc:.4f}"
-            + "，准确率为 " + f"{s002_acc:.1f}" + "%。"
-            "适度的正则化效应不仅降低了隐私风险，还提升了模型的泛化能力。\n"
-            "- **e=0.2** (强力平滑): AUC进一步降至 " + f"{s02_auc:.4f}"
-            + "，防御效果显著增强，准确率为 " + f"{s02_acc:.1f}" + "%。\n\n"
-            "该结果表明平滑系数的选取需在隐私保护强度与模型效用之间进行权衡。"
-            "从实验数据看，e=0.02在两者之间取得了较好的平衡点。\n\n"
-            "---\n\n"
-            "### 三、输出扰动作为推理期防御策略的独特优势\n\n"
-            "输出扰动在推理阶段对模型输出的Loss值注入高斯噪声，"
-            "核心优势在于完全不改变模型参数，因此对模型效用无任何影响。实验中测试了三组噪声强度:\n\n"
-            "| 噪声强度 | AUC | AUC降幅 | 准确率 |\n"
-            "|----------|-----|---------|--------|\n"
+            "基线模型AUC = **" + f"{bl_auc:.4f}" + "**，显著高于随机猜测 (0.5)。"
+            "成员平均Loss (" + f"{bl_m_mean:.4f}" + ") 低于非成员 (" + f"{bl_nm_mean:.4f}" + ")，"
+            "表明模型对训练数据产生了可被利用的记忆效应。\n\n---\n\n"
+            "### 二、标签平滑的有效性与局限性\n\n"
+            "- e=0.02: AUC " + f"{bl_auc:.4f}" + " -> " + f"{s002_auc:.4f}" + "，准确率 " + f"{s002_acc:.1f}" + "%\n"
+            "- e=0.2: AUC " + f"{bl_auc:.4f}" + " -> " + f"{s02_auc:.4f}" + "，准确率 " + f"{s02_acc:.1f}" + "%\n\n"
+            "平滑系数需在保护强度与效用之间权衡，e=0.02取得较好平衡。\n\n---\n\n"
+            "### 三、输出扰动的独特优势\n\n"
+            "| 参数 | AUC | AUC降幅 | 准确率 |\n"
+            "|------|-----|---------|--------|\n"
             "| s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_auc-op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
             "| s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_auc-op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
             "| s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_auc-op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n\n"
-            "随着噪声强度增大，AUC呈单调下降趋势，表明更强的扰动更有效地模糊了成员与非成员的统计差异。"
-            "s=0.02时AUC降至 " + f"{op002_auc:.4f}" + "，接近标签平滑 e=0.2 的防御效果，"
-            "但完全不需要重新训练模型，适合已部署系统的后期隐私加固。\n\n"
-            "---\n\n"
+            "零效用损失，适合已部署系统的后期隐私加固。\n\n---\n\n"
             "### 四、隐私-效用权衡的定量分析\n\n"
-            "| 策略 | AUC | 准确率 | AUC变化 | 效用变化 | 特点 |\n"
-            "|------|-----|--------|--------|---------|------|\n"
-            "| 基线 (无防御) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | -- | -- | 风险最高 |\n"
-            "| 标签平滑 e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | " + f"{s002_auc-bl_auc:+.4f}" + " | " + f"{s002_acc-bl_acc:+.1f}" + "pp | 隐私与效用双优 |\n"
-            "| 标签平滑 e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | " + f"{s02_auc-bl_auc:+.4f}" + " | " + f"{s02_acc-bl_acc:+.1f}" + "pp | 强力防御 |\n"
-            "| 输出扰动 s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op001_auc-bl_auc:+.4f}" + " | 0 | 温和扰动 |\n"
-            "| 输出扰动 s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op0015_auc-bl_auc:+.4f}" + " | 0 | 适中扰动 |\n"
-            "| 输出扰动 s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op002_auc-bl_auc:+.4f}" + " | 0 | 零效用损失的有效防御 |\n\n"
-            "综合上述实验结果，两类防御策略在机制上具有互补性: "
-            "标签平滑从训练阶段降低模型的记忆程度，输出扰动从推理阶段遮蔽可被利用的统计信号。"
-            "在实际部署中，可根据场景需求灵活选择或组合使用。\n")
-
-    gr.Markdown(
-        "---\n\n<center>\n\n"
-        "教育大模型中的成员推理攻击及其防御思路研究\n\n"
-        "</center>\n")
+            "| 策略 | AUC | 准确率 | AUC变化 | 效用变化 |\n"
+            "|------|-----|--------|--------|--------|\n"
+            "| 基线 | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | -- | -- |\n"
+            "| LS e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | " + f"{s002_auc-bl_auc:+.4f}" + " | " + f"{s002_acc-bl_acc:+.1f}" + "pp |\n"
+            "| LS e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | " + f"{s02_auc-bl_auc:+.4f}" + " | " + f"{s02_acc-bl_acc:+.1f}" + "pp |\n"
+            "| OP s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op001_auc-bl_auc:+.4f}" + " | 0 |\n"
+            "| OP s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op0015_auc-bl_auc:+.4f}" + " | 0 |\n"
+            "| OP s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op002_auc-bl_auc:+.4f}" + " | 0 |\n\n"
+            "两类策略在机制上互补：标签平滑从训练阶段降低记忆，输出扰动从推理阶段遮蔽统计信号。"
+            "实际部署中可根据场景灵活选择或组合。\n")
+
+    gr.Markdown("---\n\n<center>教育大模型中的成员推理攻击及其防御思路研究</center>\n")
 
 demo.launch()