Update app.py

app.py

@@ -9,23 +9,25 @@ import matplotlib.pyplot as plt
 import gradio as gr
 
 # ========================================
-# 1. 数据加载 (保持你原有的优秀逻辑不变)
+# 1. 数据加载
 # ========================================
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 
+
 def load_json(path):
-    try:
-        with open(os.path.join(BASE_DIR, path), 'r', encoding='utf-8') as f:
-            return json.load(f)
-    except Exception as e:
-        print(f"Warning: Could not load {path}. Error: {e}")
-        return {}
+    with open(os.path.join(BASE_DIR, path), 'r', encoding='utf-8') as f:
+        return json.load(f)
+
 
 def clean_text(text):
+    """清理文本中的特殊字符和emoji，防止乱码"""
+    # 移除emoji和特殊Unicode字符
     text = re.sub(r'[\U00010000-\U0010ffff]', '', text)
+    # 移除其他可能导致乱码的字符
     text = text.encode('utf-8', errors='ignore').decode('utf-8')
     return text
 
+
 member_data = load_json("data/member.json")
 non_member_data = load_json("data/non_member.json")
 mia_results = load_json("results/mia_results.json")
@@ -34,52 +36,57 @@ perturb_results = load_json("results/perturbation_results.json")
 full_results = load_json("results/mia_full_results.json")
 config = load_json("config.json")
 
-plt.rcParams['font.sans-serif'] = ['DejaVu Sans', 'SimHei', 'Arial']
+plt.rcParams['font.sans-serif'] = ['DejaVu Sans']
 plt.rcParams['axes.unicode_minus'] = False
 
 # 预取数值
-bl_auc = mia_results.get('baseline', {}).get('auc', 0.6308)
-s002_auc = mia_results.get('smooth_0.02', {}).get('auc', 0.6223)
-s02_auc = mia_results.get('smooth_0.2', {}).get('auc', 0.5869)
-op001_auc = perturb_results.get('perturbation_0.01', {}).get('auc', 0.6120)
-op0015_auc = perturb_results.get('perturbation_0.015', {}).get('auc', 0.6025)
-op002_auc = perturb_results.get('perturbation_0.02', {}).get('auc', 0.5947)
-
-bl_acc = utility_results.get('baseline', {}).get('accuracy', 0.633) * 100
-s002_acc = utility_results.get('smooth_0.02', {}).get('accuracy', 0.747) * 100
-s02_acc = utility_results.get('smooth_0.2', {}).get('accuracy', 0.710) * 100
-
-bl_m_mean = mia_results.get('baseline', {}).get('member_loss_mean', 0.1992)
-bl_nm_mean = mia_results.get('baseline', {}).get('non_member_loss_mean', 0.2126)
-bl_m_std = mia_results.get('baseline', {}).get('member_loss_std', 0.0323)
-bl_nm_std = mia_results.get('baseline', {}).get('non_member_loss_std', 0.0371)
+bl_auc = mia_results.get('baseline', {}).get('auc', 0)
+s002_auc = mia_results.get('smooth_0.02', {}).get('auc', 0)
+s02_auc = mia_results.get('smooth_0.2', {}).get('auc', 0)
+op001_auc = perturb_results.get('perturbation_0.01', {}).get('auc', 0)
+op0015_auc = perturb_results.get('perturbation_0.015', {}).get('auc', 0)
+op002_auc = perturb_results.get('perturbation_0.02', {}).get('auc', 0)
+
+bl_acc = utility_results.get('baseline', {}).get('accuracy', 0) * 100
+s002_acc = utility_results.get('smooth_0.02', {}).get('accuracy', 0) * 100
+s02_acc = utility_results.get('smooth_0.2', {}).get('accuracy', 0) * 100
+
+bl_m_mean = mia_results.get('baseline', {}).get('member_loss_mean', 0.19)
+bl_nm_mean = mia_results.get('baseline', {}).get('non_member_loss_mean', 0.23)
+bl_m_std = mia_results.get('baseline', {}).get('member_loss_std', 0.03)
+bl_nm_std = mia_results.get('baseline', {}).get('non_member_loss_std', 0.03)
 
 model_name_str = config.get('model_name', 'Qwen/Qwen2.5-Math-1.5B-Instruct')
 gpu_name_str = config.get('gpu_name', 'T4')
 data_size_str = str(config.get('data_size', 2000))
 setup_date_str = config.get('setup_date', 'N/A')
 
-# 如果数据为空，提供假数据防止报错 (为了界面调试)
-if not member_data:
-    member_data = [{"task_type": "calculation", "metadata": {"name": "张三", "student_id": "001", "class": "1班", "score": 90}, "question": "1+1=?", "answer": "2"}]
-if not non_member_data:
-    non_member_data = [{"task_type": "concept", "metadata": {"name": "李四", "student_id": "002", "class": "2班", "score": 85}, "question": "什么是质数？", "answer": "只有1和它本身两个因数的自然数。"}]
-
 
 # ========================================
-# 2. 图表函数 (保持原样，绘图本身已经很不错)
+# 2. 图表函数
 # ========================================
+
 def make_pie_chart():
     task_counts = {}
     for item in member_data + non_member_data:
         t = item.get('task_type', 'unknown')
         task_counts[t] = task_counts.get(t, 0) + 1
-    name_map = {'calculation': 'Calculation', 'word_problem': 'Word Problem', 'concept': 'Concept Q&A', 'error_correction': 'Error Correction'}
+    name_map = {
+        'calculation': 'Calculation',
+        'word_problem': 'Word Problem',
+        'concept': 'Concept Q&A',
+        'error_correction': 'Error Correction'
+    }
     labels = [name_map.get(k, k) for k in task_counts]
     sizes = list(task_counts.values())
     colors = ['#5B8FF9', '#5AD8A6', '#F6BD16', '#E86452']
     fig, ax = plt.subplots(figsize=(7, 5.5))
-    wedges, texts, autotexts = ax.pie(sizes, labels=labels, autopct='%1.1f%%', colors=colors[:len(labels)], startangle=90, textprops={'fontsize': 11}, wedgeprops={'edgecolor': 'white', 'linewidth': 2})
+    wedges, texts, autotexts = ax.pie(
+        sizes, labels=labels, autopct='%1.1f%%',
+        colors=colors[:len(labels)],
+        startangle=90, textprops={'fontsize': 11},
+        wedgeprops={'edgecolor': 'white', 'linewidth': 2}
+    )
     for t in autotexts:
         t.set_fontsize(11)
         t.set_fontweight('bold')
@@ -87,6 +94,7 @@ def make_pie_chart():
     plt.tight_layout()
     return fig
 
+
 def make_loss_distribution():
     plot_items = []
     for k, t in [('baseline', 'Baseline'), ('smooth_0.02', 'LS (e=0.02)'), ('smooth_0.2', 'LS (e=0.2)')]:
@@ -95,12 +103,12 @@ def make_loss_distribution():
             plot_items.append((k, t + " | AUC=" + f"{auc:.4f}"))
     n = len(plot_items)
     if n == 0:
-        fig, ax = plt.subplots(figsize=(6,4))
-        ax.text(0.5, 0.5, 'Requires full results data', ha='center', color='gray')
-        ax.axis('off')
+        fig, ax = plt.subplots()
+        ax.text(0.5, 0.5, 'No data', ha='center')
         return fig
     fig, axes = plt.subplots(1, n, figsize=(5.5 * n, 4.5))
-    if n == 1: axes = [axes]
+    if n == 1:
+        axes = [axes]
     for ax, (k, title) in zip(axes, plot_items):
         m = full_results[k]['member_losses']
         nm = full_results[k]['non_member_losses']
@@ -117,26 +125,34 @@ def make_loss_distribution():
     plt.tight_layout()
     return fig
 
+
 def make_auc_bar():
     methods, aucs, colors = [], [], []
-    items = [('baseline', 'Baseline', '#8C8C8C'), ('smooth_0.02', 'LS (e=0.02)', '#5B8FF9'), ('smooth_0.2', 'LS (e=0.2)', '#3D76DD')]
+    items = [
+        ('baseline', 'Baseline', '#8C8C8C'),
+        ('smooth_0.02', 'LS (e=0.02)', '#5B8FF9'),
+        ('smooth_0.2', 'LS (e=0.2)', '#3D76DD'),
+    ]
     for k, name, c in items:
         if k in mia_results:
-            methods.append(name); aucs.append(mia_results[k]['auc']); colors.append(c)
-    p_items = [('perturbation_0.01', 'OP (s=0.01)', '#5AD8A6'), ('perturbation_0.015', 'OP (s=0.015)', '#2EAD78'), ('perturbation_0.02', 'OP (s=0.02)', '#1A7F5A')]
+            methods.append(name)
+            aucs.append(mia_results[k]['auc'])
+            colors.append(c)
+    p_items = [
+        ('perturbation_0.01', 'OP (s=0.01)', '#5AD8A6'),
+        ('perturbation_0.015', 'OP (s=0.015)', '#2EAD78'),
+        ('perturbation_0.02', 'OP (s=0.02)', '#1A7F5A'),
+    ]
     for k, name, c in p_items:
         if k in perturb_results:
-            methods.append(name); aucs.append(perturb_results[k]['auc']); colors.append(c)
-    
-    if not methods: # Fallback dummy data if JSON not loaded
-        methods = ['Baseline', 'LS (e=0.02)', 'LS (e=0.2)', 'OP (s=0.015)']
-        aucs = [0.6308, 0.6223, 0.5869, 0.6025]
-        colors = ['#8C8C8C', '#5B8FF9', '#3D76DD', '#2EAD78']
-
+            methods.append(name)
+            aucs.append(perturb_results[k]['auc'])
+            colors.append(c)
     fig, ax = plt.subplots(figsize=(10, 5.5))
     bars = ax.bar(methods, aucs, color=colors, width=0.52, edgecolor='white', linewidth=1.5)
     for bar, a in zip(bars, aucs):
-        ax.text(bar.get_x() + bar.get_width() / 2, bar.get_height() + 0.003, f'{a:.4f}', ha='center', va='bottom', fontsize=11, fontweight='bold')
+        ax.text(bar.get_x() + bar.get_width() / 2, bar.get_height() + 0.003,
+                f'{a:.4f}', ha='center', va='bottom', fontsize=11, fontweight='bold')
     ax.axhline(y=0.5, color='#E86452', linestyle='--', linewidth=1.5, alpha=0.7, label='Random Guess (0.5)')
     ax.set_ylabel('MIA AUC', fontsize=12)
     ax.set_title('Defense Mechanisms - AUC Comparison', fontsize=14, fontweight='bold')
@@ -149,23 +165,28 @@ def make_auc_bar():
     plt.tight_layout()
     return fig
 
+
 def make_tradeoff():
     fig, ax = plt.subplots(figsize=(9, 6.5))
     points = []
-    for k, name, marker, color, sz in [('baseline', 'Baseline', 'o', '#8C8C8C', 200), ('smooth_0.02', 'LS (e=0.02)', 's', '#5B8FF9', 180), ('smooth_0.2', 'LS (e=0.2)', 's', '#3D76DD', 180)]:
+    for k, name, marker, color, sz in [
+        ('baseline', 'Baseline', 'o', '#8C8C8C', 200),
+        ('smooth_0.02', 'LS (e=0.02)', 's', '#5B8FF9', 180),
+        ('smooth_0.2', 'LS (e=0.2)', 's', '#3D76DD', 180)]:
         if k in mia_results and k in utility_results:
-            points.append({'name': name, 'auc': mia_results[k]['auc'], 'acc': utility_results[k]['accuracy'], 'marker': marker, 'color': color, 'size': sz})
+            points.append({'name': name, 'auc': mia_results[k]['auc'],
+                           'acc': utility_results[k]['accuracy'],
+                           'marker': marker, 'color': color, 'size': sz})
     base_acc = utility_results.get('baseline', {}).get('accuracy', 0.633)
-    for k, name, marker, color, sz in [('perturbation_0.01', 'OP (s=0.01)', '^', '#5AD8A6', 190), ('perturbation_0.02', 'OP (s=0.02)', '^', '#1A7F5A', 190)]:
+    for k, name, marker, color, sz in [
+        ('perturbation_0.01', 'OP (s=0.01)', '^', '#5AD8A6', 190),
+        ('perturbation_0.02', 'OP (s=0.02)', '^', '#1A7F5A', 190)]:
         if k in perturb_results:
-            points.append({'name': name, 'auc': perturb_results[k]['auc'], 'acc': base_acc, 'marker': marker, 'color': color, 'size': sz})
-    
-    if not points: # Fallback dummy
-         points = [{'name':'Baseline','auc':0.6308,'acc':0.633,'marker':'o','color':'#8C8C8C','size':200},
-                   {'name':'LS (e=0.02)','auc':0.6223,'acc':0.747,'marker':'s','color':'#5B8FF9','size':180}]
-
+            points.append({'name': name, 'auc': perturb_results[k]['auc'],
+                           'acc': base_acc, 'marker': marker, 'color': color, 'size': sz})
     for p in points:
-        ax.scatter(p['acc'], p['auc'], label=p['name'], marker=p['marker'], color=p['color'], s=p['size'], edgecolors='white', linewidth=2, zorder=5)
+        ax.scatter(p['acc'], p['auc'], label=p['name'], marker=p['marker'],
+                   color=p['color'], s=p['size'], edgecolors='white', linewidth=2, zorder=5)
     ax.axhline(y=0.5, color='#BFBFBF', linestyle='--', alpha=0.8, label='Random Guess')
     ax.set_xlabel('Model Utility (Accuracy)', fontsize=12, fontweight='bold')
     ax.set_ylabel('Privacy Risk (MIA AUC)', fontsize=12, fontweight='bold')
@@ -182,23 +203,27 @@ def make_tradeoff():
     plt.tight_layout()
     return fig
 
+
 def make_accuracy_bar():
     names, accs, colors = [], [], []
-    for k, name, c in [('baseline', 'Baseline', '#8C8C8C'), ('smooth_0.02', 'LS (e=0.02)', '#5B8FF9'), ('smooth_0.2', 'LS (e=0.2)', '#3D76DD')]:
+    for k, name, c in [('baseline', 'Baseline', '#8C8C8C'), ('smooth_0.02', 'LS (e=0.02)', '#5B8FF9'),
+                        ('smooth_0.2', 'LS (e=0.2)', '#3D76DD')]:
         if k in utility_results:
-            names.append(name); accs.append(utility_results[k]['accuracy'] * 100); colors.append(c)
-    base_pct = utility_results.get('baseline', {}).get('accuracy', 0.633) * 100
-    for k, name, c in [('perturbation_0.01', 'OP (s=0.01)', '#5AD8A6'), ('perturbation_0.02', 'OP (s=0.02)', '#1A7F5A')]:
+            names.append(name)
+            accs.append(utility_results[k]['accuracy'] * 100)
+            colors.append(c)
+    base_pct = utility_results.get('baseline', {}).get('accuracy', 0) * 100
+    for k, name, c in [('perturbation_0.01', 'OP (s=0.01)', '#5AD8A6'),
+                        ('perturbation_0.02', 'OP (s=0.02)', '#1A7F5A')]:
         if k in perturb_results:
-            names.append(name); accs.append(base_pct); colors.append(c)
-    
-    if not names: # Fallback dummy
-         names = ['Baseline', 'LS (e=0.02)', 'LS (e=0.2)']; accs = [63.3, 74.7, 71.0]; colors = ['#8C8C8C', '#5B8FF9', '#3D76DD']
-
+            names.append(name)
+            accs.append(base_pct)
+            colors.append(c)
     fig, ax = plt.subplots(figsize=(10, 5.5))
     bars = ax.bar(names, accs, color=colors, width=0.5, edgecolor='white', linewidth=1.5)
     for bar, acc in zip(bars, accs):
-        ax.text(bar.get_x() + bar.get_width() / 2, bar.get_height() + 0.6, f'{acc:.1f}%', ha='center', va='bottom', fontsize=11, fontweight='bold')
+        ax.text(bar.get_x() + bar.get_width() / 2, bar.get_height() + 0.6,
+                f'{acc:.1f}%', ha='center', va='bottom', fontsize=11, fontweight='bold')
     ax.set_ylabel('Accuracy (%)', fontsize=12)
     ax.set_title('Model Utility (300 Math Questions)', fontsize=14, fontweight='bold')
     ax.set_ylim(0, 100)
@@ -209,33 +234,52 @@ def make_accuracy_bar():
     plt.tight_layout()
     return fig
 
+
 def make_loss_gauge(loss_val, m_mean, nm_mean, threshold):
+    """生成精致的Loss位置可视化图表（替代粗糙的ASCII字符画）"""
     fig, ax = plt.subplots(figsize=(8, 2.5))
+
+    # 绘制底部色条
     x_min = min(m_mean - 3 * bl_m_std, loss_val - 0.01)
     x_max = max(nm_mean + 3 * bl_nm_std, loss_val + 0.01)
 
+    # 成员区域（蓝色渐变）
     ax.axvspan(x_min, threshold, alpha=0.15, color='#5B8FF9')
+    # 非成员区域（红色渐变）
     ax.axvspan(threshold, x_max, alpha=0.15, color='#E86452')
 
+    # 阈值线
     ax.axvline(x=threshold, color='#595959', linewidth=2, linestyle='-', zorder=3)
-    ax.text(threshold, 1.15, 'Threshold', ha='center', va='bottom', fontsize=9, fontweight='bold', color='#595959', transform=ax.get_xaxis_transform())
+    ax.text(threshold, 1.15, 'Threshold', ha='center', va='bottom', fontsize=9,
+            fontweight='bold', color='#595959', transform=ax.get_xaxis_transform())
 
+    # 成员均值标记
     ax.axvline(x=m_mean, color='#5B8FF9', linewidth=1.5, linestyle='--', alpha=0.7)
-    ax.text(m_mean, -0.25, f'Member\n({m_mean:.4f})', ha='center', va='top', fontsize=8, color='#5B8FF9', transform=ax.get_xaxis_transform())
+    ax.text(m_mean, -0.25, f'Member\n({m_mean:.4f})', ha='center', va='top', fontsize=8,
+            color='#5B8FF9', transform=ax.get_xaxis_transform())
 
+    # 非成员均值标记
     ax.axvline(x=nm_mean, color='#E86452', linewidth=1.5, linestyle='--', alpha=0.7)
-    ax.text(nm_mean, -0.25, f'Non-Member\n({nm_mean:.4f})', ha='center', va='top', fontsize=8, color='#E86452', transform=ax.get_xaxis_transform())
+    ax.text(nm_mean, -0.25, f'Non-Member\n({nm_mean:.4f})', ha='center', va='top', fontsize=8,
+            color='#E86452', transform=ax.get_xaxis_transform())
 
+    # 当前样本标记（大箭头）
     is_member_zone = loss_val < threshold
     marker_color = '#5B8FF9' if is_member_zone else '#E86452'
-    ax.plot(loss_val, 0.5, marker='v', markersize=18, color=marker_color, zorder=5, transform=ax.get_xaxis_transform())
+    ax.plot(loss_val, 0.5, marker='v', markersize=18, color=marker_color, zorder=5,
+            transform=ax.get_xaxis_transform())
     label_text = f'Loss={loss_val:.4f}'
-    ax.text(loss_val, 0.75, label_text, ha='center', va='bottom', fontsize=10, fontweight='bold', color=marker_color, transform=ax.get_xaxis_transform(), bbox=dict(boxstyle='round,pad=0.3', facecolor='white', edgecolor=marker_color, alpha=0.9))
+    ax.text(loss_val, 0.75, label_text, ha='center', va='bottom', fontsize=10,
+            fontweight='bold', color=marker_color, transform=ax.get_xaxis_transform(),
+            bbox=dict(boxstyle='round,pad=0.3', facecolor='white', edgecolor=marker_color, alpha=0.9))
 
+    # 区域标签
     member_center = (x_min + threshold) / 2
     nonmember_center = (threshold + x_max) / 2
-    ax.text(member_center, 0.5, 'Member Zone', ha='center', va='center', fontsize=10, color='#5B8FF9', fontweight='bold', alpha=0.6, transform=ax.get_xaxis_transform())
-    ax.text(nonmember_center, 0.5, 'Non-Member Zone', ha='center', va='center', fontsize=10, color='#E86452', fontweight='bold', alpha=0.6, transform=ax.get_xaxis_transform())
+    ax.text(member_center, 0.5, 'Member Zone', ha='center', va='center', fontsize=10,
+            color='#5B8FF9', fontweight='bold', alpha=0.6, transform=ax.get_xaxis_transform())
+    ax.text(nonmember_center, 0.5, 'Non-Member Zone', ha='center', va='center', fontsize=10,
+            color='#E86452', fontweight='bold', alpha=0.6, transform=ax.get_xaxis_transform())
 
     ax.set_xlim(x_min, x_max)
     ax.set_yticks([])
@@ -246,33 +290,55 @@ def make_loss_gauge(loss_val, m_mean, nm_mean, threshold):
     plt.tight_layout()
     return fig
 
+
 def risk_badge(auc_val):
-    if auc_val > 0.62: return "🔴 高风险"
-    elif auc_val > 0.55: return "🟡 中风险"
-    else: return "🟢 低风险"
+    if auc_val > 0.62:
+        return "High"
+    elif auc_val > 0.55:
+        return "Medium"
+    else:
+        return "Low"
+
 
 # ========================================
 # 3. 回调函数
 # ========================================
+
 def show_random_sample(data_type):
-    data = member_data if data_type == "成员数据（训练集）" else non_member_data
+    if data_type == "成员数据（训练集）":
+        data = member_data
+    else:
+        data = non_member_data
     sample = data[np.random.randint(0, len(data))]
-    meta = sample.get('metadata', {'name': '未知', 'student_id': '未知', 'class': '未知', 'score': '未知'})
-    task_map = {'calculation': '基础计算', 'word_problem': '应用题', 'concept': '概念问答', 'error_correction': '错题订正'}
-    
+    meta = sample['metadata']
+    task_map = {
+        'calculation': '基础计算',
+        'word_problem': '应用题',
+        'concept': '概念问答',
+        'error_correction': '错题订正'
+    }
     info = (
-        "### 🛡️ 截获的隐私元数据\n"
-        f"- **姓名**: {meta.get('name', 'N/A')}\n"
-        f"- **学号**: {meta.get('student_id', 'N/A')}\n"
-        f"- **班级**: {meta.get('class', 'N/A')}\n"
-        f"- **成绩**: {meta.get('score', 'N/A')} 分\n"
-        f"- **类型**: {task_map.get(sample.get('task_type', ''), sample.get('task_type', ''))}\n"
+        "### 样本元信息（隐私字段）\n\n"
+        "| 字段 | 值 |\n"
+        "|------|-----|\n"
+        "| **姓名** | " + str(meta['name']) + " |\n"
+        "| **学号** | " + str(meta['student_id']) + " |\n"
+        "| **班级** | " + str(meta['class']) + " |\n"
+        "| **成绩** | " + str(meta['score']) + " 分 |\n"
+        "| **任务类型** | " + task_map.get(sample['task_type'], sample['task_type']) + " |\n\n"
+        "> 以上即为攻击者试图推断的 **学生隐私信息**\n"
     )
-    return info, clean_text(sample.get('question', '')), clean_text(sample.get('answer', ''))
+    return info, clean_text(sample['question']), clean_text(sample['answer'])
+
 
 def run_mia_demo(sample_index, data_type):
-    is_member = (data_type == "成员数据（训练集）")
-    data = member_data if is_member else non_member_data
+    if data_type == "成员数据（训练集）":
+        is_member = True
+        data = member_data
+    else:
+        is_member = False
+        data = non_member_data
+
     idx = min(int(sample_index), len(data) - 1)
     sample = data[idx]
 
@@ -282,241 +348,468 @@ def run_mia_demo(sample_index, data_type):
     elif not is_member and idx < len(bl.get('non_member_losses', [])):
         loss = bl['non_member_losses'][idx]
     else:
-        loss = float(np.random.normal(bl_m_mean, 0.02)) if is_member else float(np.random.normal(bl_nm_mean, 0.02))
+        if is_member:
+            loss = float(np.random.normal(bl_m_mean, 0.02))
+        else:
+            loss = float(np.random.normal(bl_nm_mean, 0.02))
 
     threshold = (bl_m_mean + bl_nm_mean) / 2.0
     pred_member = (loss < threshold)
     actual_member = is_member
     attack_correct = (pred_member == actual_member)
 
+    # 生成精致的可视化图表
     gauge_fig = make_loss_gauge(loss, bl_m_mean, bl_nm_mean, threshold)
 
-    pred_html = f"<span style='color: {'#E86452' if pred_member else '#5AD8A6'}; font-weight: bold;'>{'训练成员 🔴' if pred_member else '非训练成员 🟢'}</span>"
-    actual_html = f"<span style='color: {'#E86452' if actual_member else '#5AD8A6'}; font-weight: bold;'>{'训练成员 🔴' if actual_member else '非训练成员 🟢'}</span>"
-    
+    if pred_member:
+        pred_text = "是训练成员（Loss < 阈值，模型过于熟悉）"
+        pred_icon = "🔴"
+    else:
+        pred_text = "非训练成员（Loss >= 阈值，模型不熟悉）"
+        pred_icon = "🟢"
+
+    if actual_member:
+        actual_text = "是训练成员（此数据参与了训练）"
+        actual_icon = "🔴"
+    else:
+        actual_text = "非训练成员（此数据未参与训练）"
+        actual_icon = "🟢"
+
     if attack_correct and pred_member and actual_member:
-        res_style = "background: #ffebe9; border-left: 5px solid #E86452; color: #cf222e;"
-        res_title = "⚠️ 攻击成功：发生了隐私泄露"
-        res_desc = "模型对该样本过于熟悉（Loss低于阈值），攻击者成功判定其为训练集数据！"
+        result_text = "**攻击成功 -- 隐私泄露**"
+        result_icon = "⚠️"
     elif attack_correct:
-        res_style = "background: #e6ffec; border-left: 5px solid #5AD8A6; color: #1a7f37;"
-        res_title = "✅ 判定正确：未发生隐私泄露"
-        res_desc = "样本确实未参与训练，且模型表现出正常的陌生感。"
+        result_text = "**判断正确**"
+        result_icon = "✅"
+    else:
+        result_text = "**攻击失误**"
+        result_icon = "❌"
+
+    if pred_member:
+        warning = (
+            "> **隐私风险** : 此样本 Loss = " + f"{loss:.4f}"
+            + " 低于阈值 " + f"{threshold:.4f}"
+            + "，模型对它过于熟悉，学生隐私可能被推断。"
+        )
     else:
-        res_style = "background: #f6f8fa; border-left: 5px solid #8c8c8c; color: #57606a;"
-        res_title = "❌ 攻击失误：攻击者推断失败"
-        res_desc = "攻击者的判断与事实不符，隐私得到了保护。"
-
-    # 使用 HTML 输出精美的高亮结果板
-    result_html = f"""
-    <div style='{res_style} padding: 15px; border-radius: 8px; margin-bottom: 15px;'>
-        <h3 style='margin-top: 0; margin-bottom: 8px; display: flex; align-items: center; font-size: 1.2em;'>{res_title}</h3>
-        <p style='margin: 0; font-size: 0.95em;'>{res_desc}</p>
-    </div>
-    <div style='display: grid; grid-template-columns: 1fr 1fr; gap: 10px; font-size: 1em;'>
-        <div style='background: #fff; padding: 12px; border-radius: 6px; border: 1px solid #eaecef;'>
-            <div style='color: #57606a; font-size: 0.85em; margin-bottom: 4px;'>攻击者计算得出</div>
-            <div>{pred_html}</div>
-            <div style='color: #8c8c8c; font-size: 0.85em; margin-top: 4px;'>Sample Loss: {loss:.4f}</div>
-        </div>
-        <div style='background: #fff; padding: 12px; border-radius: 6px; border: 1px solid #eaecef;'>
-            <div style='color: #57606a; font-size: 0.85em; margin-bottom: 4px;'>系统真实身份</div>
-            <div>{actual_html}</div>
-            <div style='color: #8c8c8c; font-size: 0.85em; margin-top: 4px;'>System Threshold: {threshold:.4f}</div>
-        </div>
-    </div>
-    """
-    
-    question_display = f"**样本追踪号 [ {idx} ] :**\n\n> {clean_text(sample.get('question', '')[:600])}"
-    return question_display, gauge_fig, result_html
+        warning = (
+            "> **相对安全** : 此样本 Loss = " + f"{loss:.4f}"
+            + " 高于阈值 " + f"{threshold:.4f}"
+            + "，模型对其无特殊记忆。"
+        )
+
+    result_md = (
+        "### Loss 计算结果\n\n"
+        "| 指标 | 值 |\n"
+        "|------|-----|\n"
+        "| 样本 Loss | " + f"{loss:.6f}" + " |\n"
+        "| 判定阈值 | " + f"{threshold:.6f}" + " |\n"
+        "| 成员平均 Loss | " + f"{bl_m_mean:.6f}" + " |\n"
+        "| 非成员平均 Loss | " + f"{bl_nm_mean:.6f}" + " |\n\n"
+        "### 攻击判定\n\n"
+        "| 项目 | 结果 |\n"
+        "|------|------|\n"
+        "| 攻击者预测 | " + pred_icon + " " + pred_text + " |\n"
+        "| 实际身份 | " + actual_icon + " " + actual_text + " |\n"
+        "| 攻击结果 | " + result_icon + " " + result_text + " |\n\n"
+        + warning + "\n"
+    )
+
+    question_display = "**第 " + str(idx) + " 号样本 :**\n\n" + clean_text(sample['question'][:600])
+    return question_display, gauge_fig, result_md
 
 
 # ========================================
-# 4. 前端精装修 CSS & Gradio 构建
+# 4. 构建界面
 # ========================================
 
 custom_css = """
-/* 全局设定 */
-body { background-color: #f7f9fc !important; }
+/* 整体容器 */
 .gradio-container {
     max-width: 1200px !important;
-    margin: 2rem auto !important;
+    margin: auto !important;
     font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif !important;
 }
 
-/* ★ 核心升级：精美卡片式布局 ★ */
-.custom-card {
-    background: #ffffff !important;
-    border-radius: 12px !important;
-    box-shadow: 0 4px 15px rgba(0, 0, 0, 0.05) !important;
-    padding: 24px !important;
-    border: 1px solid #edf2f9 !important;
-    margin-bottom: 16px !important;
-}
-
-/* Tab 导航美化 */
-.tab-nav {
-    border-bottom: 2px solid #edf2f9 !important;
-    margin-bottom: 20px !important;
-}
+/* Tab 按钮 */
 .tab-nav button {
-    font-size: 15px !important;
-    padding: 12px 20px !important;
+    font-size: 14px !important;
+    padding: 10px 16px !important;
     font-weight: 500 !important;
-    color: #5e6e82 !important;
     border-radius: 8px 8px 0 0 !important;
-    transition: all 0.2s ease !important;
 }
-.tab-nav button:hover { background: #f8faff !important; color: #5B8FF9 !important; }
 .tab-nav button.selected {
     font-weight: 700 !important;
-    color: #2b52ff !important;
     border-bottom: 3px solid #5B8FF9 !important;
-    background: transparent !important;
 }
 
-/* 标题样式重构 */
+/* 标题样式 */
 .prose h1 {
-    font-size: 2rem !important;
+    font-size: 1.8rem !important;
     color: #1a1a2e !important;
-    border-bottom: 3px solid #5B8FF9 !important;
-    padding-bottom: 12px !important;
-    margin-bottom: 24px !important;
-    font-weight: 800 !important;
+    border-bottom: 2px solid #5B8FF9 !important;
+    padding-bottom: 8px !important;
 }
 .prose h2 {
-    font-size: 1.4rem !important;
-    color: #2d3748 !important;
-    margin-top: 0.5em !important;
-    border-left: 4px solid #5B8FF9 !important;
-    padding-left: 10px !important;
+    font-size: 1.35rem !important;
+    color: #16213e !important;
+    margin-top: 1.2em !important;
 }
-
-/* 引用块设计感 */
-.prose blockquote {
-    border-left: 4px solid #5AD8A6 !important;
-    background: #f0fbf7 !important;
-    padding: 16px 20px !important;
-    margin: 16px 0 !important;
-    border-radius: 0 8px 8px 0 !important;
-    color: #2d3748 !important;
+.prose h3 {
+    font-size: 1.1rem !important;
+    color: #0f3460 !important;
 }
 
-/* 按钮微调 */
-button.primary {
-    background: linear-gradient(135deg, #5B8FF9 0%, #3D76DD 100%) !important;
-    border: none !important;
-    box-shadow: 0 4px 6px rgba(91, 143, 249, 0.2) !important;
+/* 表格美化 */
+.prose table {
+    border-collapse: collapse !important;
+    width: 100% !important;
+    font-size: 0.9rem !important;
 }
-button.primary:hover {
-    transform: translateY(-1px);
-    box-shadow: 0 6px 10px rgba(91, 143, 249, 0.3) !important;
+.prose th {
+    background: #f0f5ff !important;
+    color: #1a1a2e !important;
+    font-weight: 600 !important;
+    padding: 10px 14px !important;
+}
+.prose td {
+    padding: 8px 14px !important;
+    border-bottom: 1px solid #eee !important;
+}
+
+/* 引用块 */
+.prose blockquote {
+    border-left: 4px solid #5B8FF9 !important;
+    background: #f7f9fc !important;
+    padding: 12px 16px !important;
+    margin: 12px 0 !important;
+    border-radius: 0 6px 6px 0 !important;
 }
 
-/* 隐藏 Footer */
+/* 隐藏底部 */
 footer { display: none !important; }
 """
 
+
 with gr.Blocks(
     title="教育大模型隐私攻防实验",
-    theme=gr.themes.Soft(primary_hue="blue", neutral_hue="slate"),
+    theme=gr.themes.Soft(primary_hue="blue", secondary_hue="sky", neutral_hue="slate"),
     css=custom_css
 ) as demo:
 
-    gr.Markdown("# 🎓 教育大模型中的成员推理攻击及其防御研究\n\n> 探究教育大语言模型的隐私泄露风险，验证 **标签平滑** 与 **输出扰动** 两种防御策略的有效性及其对模型效用的影响。")
+    # ============================
+    # 顶部
+    # ============================
+    gr.Markdown(
+        "# 教育大模型中的成员推理攻击及其防御研究\n\n"
+        "> 探究教育场景下大语言模型的隐私泄露风险，"
+        "验证 **标签平滑** 与 **输出扰动** 两种防御策略的有效性及其对模型效用的影响。\n"
+    )
 
-    with gr.Tabs():
-        # --- Tab 1: 项目概览 ---
-        with gr.Tab("项目概览"):
-            with gr.Column(elem_classes="custom-card"):
-                gr.Markdown(
-                    "## 📌 研究背景\n\n"
-                    "大语言模型在教育领域（如智能辅导系统）应用广泛，其训练数据往往包含学生敏感隐私。"
-                    "**成员推理攻击 (MIA)** 可以判断某条数据是否被模型“��住”，从而引发隐私泄露威胁。\n\n"
+    # ============================
+    # Tab 1: 项目概览
+    # ============================
+    with gr.Tab("项目概览"):
+        gr.Markdown(
+            "## 研究背景\n\n"
+            "随着大语言模型在教育领域的广泛应用（智能辅导系统、个性化学习推荐等），"
+            "模型训练过程中不可避免地接触到学生敏感数据。"
+            "**成员推理攻击 (Membership Inference Attack, MIA)** 可以判断某条数据是否参与了模型训练，"
+            "进而推断学生的隐私信息。\n\n"
+            "---\n\n"
+            "## 研究设计\n\n"
+            "| 阶段 | 内容 | 说明 |\n"
+            "|------|------|------|\n"
+            "| 数据准备 | 2000条小学数学辅导对话 | 含姓名、学号、班级、成绩等隐私字段 |\n"
+            "| 模型训练 | Qwen2.5-Math-1.5B + LoRA | 基线模型 + 标签平滑模型 (e=0.02, 0.2) |\n"
+            "| 攻击测试 | Loss-based MIA | 利用模型输出Loss判断成员身份 |\n"
+            "| 训练期防御 | 标签平滑 | 软化训练标签，降低模型对训练数据的记忆程度 |\n"
+            "| 推理期防御 | 输出扰动 | 在推理阶段对输出Loss添加高斯噪声 |\n"
+            "| 综合评估 | 隐私-效用权衡分析 | AUC（隐私风险）+ 准确率（模型效用）|\n\n"
+            "---\n\n"
+            "## 实验配置\n\n"
+            "| 配置项 | 值 |\n"
+            "|--------|-----|\n"
+            "| 基座模型 | " + model_name_str + " |\n"
+            "| 微调方法 | LoRA (r=8, alpha=16, target: q/k/v/o_proj) |\n"
+            "| 训练轮数 | 10 epochs |\n"
+            "| 数据总量 | " + data_size_str + " 条 (成员1000 + 非成员1000) |\n"
+            "| GPU | " + gpu_name_str + " |\n\n"
+            "---\n\n"
+            "## 技术路线\n\n"
+            "| 步骤 | 阶段 | 方法 | 输出 |\n"
+            "|------|------|------|------|\n"
+            "| 1 | 数据生成 | 模板化生成2000条对话 | member.json + non_member.json |\n"
+            "| 2 | 基线训练 | LoRA微调Qwen2.5-Math | baseline模型 |\n"
+            "| 3 | 防御训练 | 标签平滑 (e=0.02, e=0.2) | smooth模型 x2 |\n"
+            "| 4 | MIA攻击 | 计算全量样本Loss，AUC评估 | mia_results.json |\n"
+            "| 5 | 输出扰动 | 对baseline Loss加高斯噪声 (s=0.01~0.02) | perturbation_results.json |\n"
+            "| 6 | 效用评估 | 300道数学测试题 | utility_results.json |\n"
+            "| 7 | 综合分析 | 隐私-效用权衡图 | 研究结论 |\n"
+        )
+
+    # ============================
+    # Tab 2: 数据展示
+    # ============================
+    with gr.Tab("数据展示"):
+        gr.Markdown(
+            "## 数据集概况\n\n"
+            "- **成员数据（训练集）**: 1000条，用于模型微调训练\n"
+            "- **非成员数据（测试集）**: 1000条，不参与训练，作为MIA攻击的对照组\n"
+            "- 每条数据均包含学生隐私字段（姓名、学号、班级、成绩），模拟真实教育场景\n"
+        )
+
+        with gr.Row():
+            with gr.Column(scale=1):
+                gr.Markdown("### 任务类型分布")
+                gr.Plot(value=make_pie_chart())
+            with gr.Column(scale=1):
+                gr.Markdown("### 随机查看样本")
+                data_sel = gr.Radio(
+                    choices=["成员数据（训练集）", "非成员数据（测试集）"],
+                    value="成员数据（训练集）",
+                    label="数据类型"
+                )
+                sample_btn = gr.Button("随机抽取样本", variant="primary")
+
+        sample_info = gr.Markdown()
+        with gr.Row():
+            sample_q = gr.Textbox(label="学生提问", lines=6, interactive=False)
+            sample_a = gr.Textbox(label="模型回答", lines=6, interactive=False)
+
+        sample_btn.click(
+            fn=show_random_sample,
+            inputs=[data_sel],
+            outputs=[sample_info, sample_q, sample_a]
+        )
+
+    # ============================
+    # Tab 3: MIA攻击演示
+    # ============================
+    with gr.Tab("MIA攻击演示"):
+        gr.Markdown(
+            "## 成员推理攻击演示\n\n"
+            "**原理**: 模型对训练过的数据产生更低的Loss，"
+            "攻击者利用Loss与阈值的比较判断样本是否为训练成员。\n\n"
+            "1. 选择数据来源 (成员 / 非成员)\n"
+            "2. 拖动滑块选择样本编号\n"
+            "3. 点击 **执行攻击**\n"
+        )
+
+        with gr.Row():
+            with gr.Column(scale=1):
+                atk_data_type = gr.Radio(
+                    choices=["成员数据（训练集）", "非成员数据（测试集）"],
+                    value="成员数据（训练集）",
+                    label="数据来源"
                 )
-            with gr.Row():
-                with gr.Column(elem_classes="custom-card"):
-                    gr.Markdown(
-                        "## ⚙️ 实验配置\n"
-                        f"- **基座模型**: `{model_name_str}`\n"
-                        f"- **微调方法**: LoRA (r=8, alpha=16)\n"
-                        f"- **数据总量**: {data_size_str} 条 (1:1 成员与非成员)\n"
-                        f"- **计算硬件**: {gpu_name_str}\n"
-                    )
-                with gr.Column(elem_classes="custom-card"):
-                    gr.Markdown(
-                        "## 🛡️ 防御架构\n"
-                        "- **训练期 - 标签平滑**: 软化目标标签，抑制模型过拟合。\n"
-                        "- **推理期 - 输出扰动**: 注入高斯噪声，物理隔绝攻击者对 Loss 的精确探测。\n"
-                    )
-
-        # --- Tab 2: 数据展示 ---
-        with gr.Tab("数据展示"):
-            with gr.Row():
-                with gr.Column(scale=1, elem_classes="custom-card"):
-                    gr.Markdown("## 📊 数据分布概况")
-                    gr.Plot(value=make_pie_chart())
-                
-                with gr.Column(scale=1, elem_classes="custom-card"):
-                    gr.Markdown("## 🎲 数据抽样与隐私探查")
-                    data_sel = gr.Radio(choices=["成员数据（训练集）", "非成员数据（测试集）"], value="成员数据（训练集）", label="选择靶向数据池", interactive=True)
-                    sample_btn = gr.Button("🔍 随机提取样本与隐私字典", variant="primary")
-                    sample_info = gr.Markdown()
-                    
-            with gr.Column(elem_classes="custom-card"):
-                gr.Markdown("### 📄 原始对话内容")
-                with gr.Row():
-                    sample_q = gr.Textbox(label="🧑‍🎓 学生提问 (Prompt)", lines=5)
-                    sample_a = gr.Textbox(label="🤖 模型回答 (Ground Truth)", lines=5)
-
-            sample_btn.click(fn=show_random_sample, inputs=[data_sel], outputs=[sample_info, sample_q, sample_a])
-
-        # --- Tab 3: MIA攻击演示 ---
-        with gr.Tab("MIA攻击演示"):
-            with gr.Row():
-                with gr.Column(scale=1, elem_classes="custom-card"):
-                    gr.Markdown("## 🥷 发起黑盒 API 攻击")
-                    gr.Markdown("调整下方滑块选择一条截获的数据，系统将计算该条数据的 Loss 值并实施判定。")
-                    atk_data_type = gr.Radio(choices=["成员数据（训练集）", "非成员数据（测试集）"], value="成员数据（训练集）", label="模拟真实数据来源")
-                    atk_index = gr.Slider(minimum=0, maximum=999, step=1, value=12, label="样本游标 ID (0-999)")
-                    atk_btn = gr.Button("⚡ 执行成员推理攻击", variant="primary", size="lg")
-                    atk_question = gr.Markdown(elem_classes="prose")
-
-                with gr.Column(scale=1, elem_classes="custom-card"):
-                    gr.Markdown("## 📡 攻击侦测控制台")
-                    atk_gauge = gr.Plot(label="Loss 分布雷达")
-                    atk_result_html = gr.HTML() # 改用 HTML 渲染精美面板
-
-            atk_btn.click(fn=run_mia_demo, inputs=[atk_index, atk_data_type], outputs=[atk_question, atk_gauge, atk_result_html])
-
-        # --- Tab 4: 防御对比 ---
-        with gr.Tab("防御对比"):
-            with gr.Row():
-                with gr.Column(elem_classes="custom-card"):
-                    gr.Markdown("## 📉 隐私风险 (AUC) 宏观对比")
-                    gr.Plot(value=make_auc_bar())
-                with gr.Column(elem_classes="custom-card"):
-                    gr.Markdown("## 🔔 底层 Loss 分布位移")
-                    gr.Plot(value=make_loss_distribution())
-
-        # --- Tab 5: 效用评估 ---
-        with gr.Tab("效用评估"):
-            with gr.Row():
-                with gr.Column(elem_classes="custom-card"):
-                    gr.Markdown("## 🎯 模型数学能力基准 (Accuracy)")
-                    gr.Plot(value=make_accuracy_bar())
-                with gr.Column(elem_classes="custom-card"):
-                    gr.Markdown("## ⚖️ 隐私-效用权衡空间 (Trade-off)")
-                    gr.Plot(value=make_tradeoff())
-
-        # --- Tab 6: 研究结论 ---
-        with gr.Tab("研究结论"):
-            with gr.Column(elem_classes="custom-card"):
-                gr.Markdown(
-                    "## 💡 核心学术贡献\n\n"
-                    "1. **确认了教育场景下的内生风险**：证明了基于大模型的教育应用在未经特殊处理时，极易向外部暴露学生的学情数据（基线 AUC=0.6308）。\n\n"
-                    "2. **论证了正则化与隐私防御的协同性**：适度的标签平滑（ε=0.02）不仅没有降低模型智商，反而由于抑制了过拟合，使数学准确率提升至 74.7%，是一种“双赢”的内建防御��制。\n\n"
-                    "3. **验证了推断期防御的高效性**：输出扰动（σ=0.02）作为一种零效用损耗的插件方案，能有效混淆黑盒探测者的统计雷达，尤其适合算力受限或模型已定型的生产环境。\n"
+                atk_index = gr.Slider(
+                    minimum=0, maximum=999, step=1, value=0,
+                    label="样本编号 (0-999)"
                 )
+                atk_btn = gr.Button("执行MIA攻击", variant="primary", size="lg")
+            with gr.Column(scale=1):
+                atk_question = gr.Markdown()
+
+        atk_gauge = gr.Plot(label="Loss位置可视化")
+        atk_result = gr.Markdown()
+
+        atk_btn.click(
+            fn=run_mia_demo,
+            inputs=[atk_index, atk_data_type],
+            outputs=[atk_question, atk_gauge, atk_result]
+        )
+
+    # ============================
+    # Tab 4: 防御对比
+    # ============================
+    with gr.Tab("防御对比"):
+        gr.Markdown(
+            "## 防御策略效果对比\n\n"
+            "| 策略 | 类型 | 原理 | 优势 | 局限 |\n"
+            "|------|------|------|------|------|\n"
+            "| 标签平滑 | 训练期 | 软化one-hot标签，抑制过拟合 | 从根���降低模型记忆 | 可能影响模型效用 |\n"
+            "| 输出扰动 | 推理期 | 对输出Loss添加高斯噪声 | 零效用损失，即插即用 | 仅遮蔽统计信号 |\n"
+        )
+
+        with gr.Row():
+            with gr.Column():
+                gr.Markdown("### AUC对比（所有防御策略）")
+                gr.Plot(value=make_auc_bar())
+            with gr.Column():
+                gr.Markdown("### Loss分布对比")
+                gr.Plot(value=make_loss_distribution())
+
+        table = (
+            "### 实验结果汇总\n\n"
+            "| 策略 | 类型 | AUC | 风险等级 |\n"
+            "|------|------|-----|----------|\n"
+        )
+        for k, name, cat in [('baseline', '基线 (无防御)', '--'),
+                              ('smooth_0.02', '标签平滑 (e=0.02)', '训练期'),
+                              ('smooth_0.2', '标签平滑 (e=0.2)', '训练期')]:
+            if k in mia_results:
+                a = mia_results[k]['auc']
+                table += "| " + name + " | " + cat + " | " + f"{a:.4f}" + " | " + risk_badge(a) + " |\n"
+        for k, name in [('perturbation_0.01', '输出扰动 (s=0.01)'),
+                         ('perturbation_0.015', '输出扰动 (s=0.015)'),
+                         ('perturbation_0.02', '输出扰动 (s=0.02)')]:
+            if k in perturb_results:
+                a = perturb_results[k]['auc']
+                table += "| " + name + " | 推理期 | " + f"{a:.4f}" + " | " + risk_badge(a) + " |\n"
+        gr.Markdown(table)
+
+    # ============================
+    # Tab 5: 防御详解（标签平滑 + 输出扰动）
+    # ============================
+    with gr.Tab("防御详解"):
+        gr.Markdown(
+            "## 防御策略详解\n\n"
+            "---\n\n"
+            "### 一、标签平滑 (Label Smoothing)\n\n"
+            "**类型** : 训练期防御\n\n"
+            "**原理** : 将训练标签从硬标签 (one-hot) 转换为软标签，"
+            "降低模型对训练样本的过度拟合程度，从而缩小成员与非成员之间的Loss差异。\n\n"
+            "**公式** : y_smooth = (1 - e) * y_onehot + e / V\n\n"
+            "其中 e 为平滑系数，V 为词汇表大小。\n\n"
+            "| 参数 | AUC | 准确率 | 分析 |\n"
+            "|------|-----|--------|------|\n"
+            "| 基线 (e=0) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 无防御，MIA风险较高 |\n"
+            "| e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | 温和防御，效用保持良好 |\n"
+            "| e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | 强力防御，AUC显著下降 |\n\n"
+            "---\n\n"
+            "### 二、输出扰动 (Output Perturbation)\n\n"
+            "**类型** : 推理期防御\n\n"
+            "**原理** : 在推理阶段对模型返回的Loss值添加高斯噪声，"
+            "模糊成员与非成员之间的统计差异，使攻击者难以准确判别。\n\n"
+            "**公式** : Loss_perturbed = Loss_original + N(0, s^2)\n\n"
+            "**核心优势** : 不修改模型参数，准确率完全不变。\n\n"
+            "| 参数 | AUC | AUC降幅 | 准确率 |\n"
+            "|------|-----|---------|--------|\n"
+            "| 基线 (s=0) | " + f"{bl_auc:.4f}" + " | -- | " + f"{bl_acc:.1f}" + "% |\n"
+            "| s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_auc - op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
+            "| s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_auc - op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
+            "| s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_auc - op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n\n"
+            "---\n\n"
+            "### 三、综合对比\n\n"
+            "| 维度 | 标签平滑 | 输出扰动 |\n"
+            "|------|---------|----------|\n"
+            "| 作用阶段 | 训练期 | 推理期 |\n"
+            "| 是否需要重训 | 是 | 否 |\n"
+            "| 对效用的影响 | 可能有影响 | 无影响 |\n"
+            "| 防御机制 | 降低过拟合 | 遮蔽统计信号 |\n"
+            "| 可叠加使用 | 是 | 是 |\n\n"
+            "> **推荐方案** : 标签平滑 (e=0.02) + 输出扰动 (s=0.02) 双重防护\n"
+        )
+
+    # ============================
+    # Tab 6: 效用评估
+    # ============================
+    with gr.Tab("效用评估"):
+        gr.Markdown(
+            "## 模型效用评估\n\n"
+            "> 测试集: 300道数学题，覆盖基础计算、应用题、概念问答三类任务。\n"
+        )
+
+        with gr.Row():
+            with gr.Column():
+                gr.Markdown("### 准确率对比")
+                gr.Plot(value=make_accuracy_bar())
+            with gr.Column():
+                gr.Markdown("### 隐私-效用权衡")
+                gr.Plot(value=make_tradeoff())
+
+        ut = (
+            "### 效用评估详情\n\n"
+            "| 策略 | 准确率 | AUC | 风险等级 | 效用影响 |\n"
+            "|------|--------|-----|---------|----------|\n"
+        )
+        for k, name in [('baseline', '基线'), ('smooth_0.02', '标签平滑 (e=0.02)'),
+                         ('smooth_0.2', '标签平滑 (e=0.2)')]:
+            if k in utility_results and k in mia_results:
+                acc = utility_results[k]['accuracy'] * 100
+                auc = mia_results[k]['auc']
+                impact = "--" if k == 'baseline' else ("提升" if acc > bl_acc else "下降")
+                ut += "| " + name + " | " + f"{acc:.1f}" + "% | " + f"{auc:.4f}" + " | " + risk_badge(auc) + " | " + impact + " |\n"
+        for k, name in [('perturbation_0.01', '输出扰动 (s=0.01)'), ('perturbation_0.02', '输出扰动 (s=0.02)')]:
+            if k in perturb_results:
+                ut += "| " + name + " | " + f"{bl_acc:.1f}" + "% | " + f"{perturb_results[k]['auc']:.4f}" + " | " + risk_badge(perturb_results[k]['auc']) + " | 无影响 |\n"
+        gr.Markdown(ut)
+
+    # ============================
+    # Tab 7: 论文图表
+    # ============================
+    with gr.Tab("论文图表"):
+        gr.Markdown("## 学术图表 (300 DPI)")
+        for fn, cap in [("fig1_loss_distribution_comparison.png", "图1 : Loss分布对比"),
+                         ("fig2_privacy_utility_tradeoff_fixed.png", "图2 : 隐私-效用权衡"),
+                         ("fig3_defense_comparison_bar.png", "图3 : 防御效果柱状图")]:
+            path = os.path.join(BASE_DIR, "figures", fn)
+            if os.path.exists(path):
+                gr.Markdown("### " + cap)
+                gr.Image(value=path, show_label=False, height=420)
+                gr.Markdown("---")
+            else:
+                gr.Markdown("### " + cap + "\n\n> 文件未找到: " + fn)
+
+    # ============================
+    # Tab 8: 研究结论
+    # ============================
+    with gr.Tab("研究结论"):
+        gr.Markdown(
+            "## 研究结论\n\n"
+            "---\n\n"
+            "### 一、教育大模型面临显著的成员推理攻击风险\n\n"
+            "实验结果表明，基于Qwen2.5-Math-1.5B经LoRA微调的教育辅导模型，"
+            "在面对基于Loss的成员推理攻击时，AUC达到 **" + f"{bl_auc:.4f}" + "**，"
+            "显著高于随机猜测基准 (0.5)。这意味着攻击者仅通过观察模型对某一样本的输出置信度，"
+            "即可以高于随机的概率推断该样本是否被纳入训练集。"
+            "在教育场景中，训练数据通常包含学生的姓名、学号、学业成绩等敏感信息，"
+            "上述攻击能力构成了切实的隐私威胁。\n\n"
+            "---\n\n"
+            "### 二、标签平滑作为训练期防御策略的有效性与局限性\n\n"
+            "标签平滑通过软化训练标签分布，抑制模型对训练样本的过度拟合，"
+            "从而缩��成员与非成员之间的Loss分布差异。实验中:\n\n"
+            "- **e=0.02** (温和平滑): AUC从 " + f"{bl_auc:.4f}" + " 降至 " + f"{s002_auc:.4f}"
+            + "，准确率为 " + f"{s002_acc:.1f}" + "%，在隐私保护与效用保持之间取得了较好的平衡。\n"
+            "- **e=0.2** (强力平滑): AUC进一步降至 " + f"{s02_auc:.4f}"
+            + "，防御效果更为显著，准确率为 " + f"{s02_acc:.1f}" + "%。\n\n"
+            "该结果揭示了标签平滑系数的选取需在隐私保护强度与模型效用之间进行权衡。"
+            "过小的平滑系数防御效果有限，而过大的系数可能影响模型在下游任务上的表现。\n\n"
+            "---\n\n"
+            "### 三、输出扰动作为推理期防御策略的独特优势\n\n"
+            "输出扰动在推理阶段对模型输出的Loss值注入高斯噪声，"
+            "其核心优势在于**完全不改变模型参数**，因此对模型效用无任何影响。实验中:\n\n"
+            "- **s=0.02**: AUC从 " + f"{bl_auc:.4f}" + " 降至 " + f"{op002_auc:.4f}"
+            + "，而准确率保持 " + f"{bl_acc:.1f}" + "% 不变。\n\n"
+            "这表明输出扰动是一种**零效用成本**的防御手段，"
+            "特别适合已部署的模型系统进行后期隐私加固，具有良好的工程实用性。\n\n"
+            "---\n\n"
+            "### 四、隐私-效用权衡的定量分析\n\n"
+            "综合所有实验结果，本研究揭示了教育大模型隐私保护中的核心矛盾:\n\n"
+            "| 策略 | AUC (隐私风险) | 准确率 (效用) | 特点 |\n"
+            "|------|----------------|--------------|------|\n"
+            "| 基线 (无防御) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 风险最高 |\n"
+            "| 标签平滑 e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | 训练期防御，效用保持良好 |\n"
+            "| 标签平滑 e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | 强力防御 |\n"
+            "| 输出扰动 s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 零效用损失 |\n\n"
+            "上述分析表明，将**训练期标签平滑** (e=0.02) 与**推理期输出扰动** (s=0.02) 组合使用，"
+            "可以在两个独立维度上削弱攻击者的推断能力，实现更为全面的隐私保护，"
+            "同时将效用损失控制在可接受范围内。\n"
+        )
+
+    # ============================
+    # 底部
+    # ============================
+    gr.Markdown(
+        "---\n\n"
+        "<center>\n\n"
+        "教育大模型中的成员推理攻击及其防御思路研究\n\n"
+        "Qwen2.5-Math-1.5B | LoRA | MIA | Label Smoothing | Output Perturbation\n\n"
+        "</center>\n"
+    )
 
+# ========================================
+# 5. 启动
+# ========================================
 demo.launch()