Update app.py

app.py

@@ -91,7 +91,7 @@ for i in range(300):
         templates = [
             (f"小明有{a}个苹果，吃掉了{b}个，还剩多少个？", str(a - b)),
             (f"每组有{a}人，共{b}组，一共多少人？", str(a * b)),
-            (f"图书馆有{a}本书，借出{b}本后又买了{c}本，现在有多少本？", str(a - b + c)),
+            (f"图书馆有{a}��书，借出{b}本后又买了{c}本，现在有多少本？", str(a - b + c)),
             (f"商店有{a}支铅笔，卖出{b}支，还剩多少支？", str(a - b)),
             (f"小红有{a}颗糖，小明给了她{b}颗，现在有多少颗？", str(a + b)),
         ]
@@ -138,14 +138,13 @@ def make_loss_distribution():
     for ax, (k, title) in zip(axes, items):
         m = full_results[k]['member_losses']; nm_l = full_results[k]['non_member_losses']
         bins = np.linspace(min(min(m), min(nm_l)), max(max(m), max(nm_l)), 30)
-        ax.hist(m, bins=bins, alpha=0.55, color='#3b82f6', label='Member', density=True)
-        ax.hist(nm_l, bins=bins, alpha=0.55, color='#ef4444', label='Non-Member', density=True)
-        ax.set_title(title, fontsize=13, fontweight='bold', color="#0f172a")
-        ax.set_xlabel('Loss', fontsize=11, color="#475569"); ax.set_ylabel('Density', fontsize=11, color="#475569")
-        ax.legend(fontsize=10, frameon=True, facecolor="white", edgecolor="#e2e8f0"); ax.tick_params(labelsize=10, colors="#475569")
-        ax.grid(True, linestyle=':', alpha=0.4, color="#94a3b8")
+        ax.hist(m, bins=bins, alpha=0.55, color='#5B8FF9', label='Member', density=True)
+        ax.hist(nm_l, bins=bins, alpha=0.55, color='#E86452', label='Non-Member', density=True)
+        ax.set_title(title, fontsize=13, fontweight='bold')
+        ax.set_xlabel('Loss', fontsize=11); ax.set_ylabel('Density', fontsize=11)
+        ax.legend(fontsize=10); ax.tick_params(labelsize=10)
+        ax.grid(True, linestyle='--', alpha=0.3)
         ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
-        ax.spines['bottom'].set_color('#cbd5e1'); ax.spines['left'].set_color('#cbd5e1')
     plt.tight_layout()
     return fig
 
@@ -163,102 +162,96 @@ def make_perturb_loss_distribution():
         nm_pert = nm_losses + np.random.normal(0, sigma, len(nm_losses))
         vals = np.concatenate([m_pert, nm_pert])
         bins = np.linspace(vals.min(), vals.max(), 30)
-        ax.hist(m_pert, bins=bins, alpha=0.55, color='#3b82f6', label='Member+noise', density=True)
-        ax.hist(nm_pert, bins=bins, alpha=0.55, color='#ef4444', label='Non-Member+noise', density=True)
+        ax.hist(m_pert, bins=bins, alpha=0.55, color='#5B8FF9', label='Member+noise', density=True)
+        ax.hist(nm_pert, bins=bins, alpha=0.55, color='#E86452', label='Non-Member+noise', density=True)
         pk = 'perturbation_' + str(sigma)
         pauc = perturb_results.get(pk, {}).get('auc', 0)
-        ax.set_title(f'OP(s={sigma})\nAUC={pauc:.4f}', fontsize=13, fontweight='bold', color="#0f172a")
-        ax.set_xlabel('Loss', fontsize=11, color="#475569"); ax.set_ylabel('Density', fontsize=11, color="#475569")
-        ax.legend(fontsize=9, frameon=True, facecolor="white", edgecolor="#e2e8f0"); ax.tick_params(labelsize=10, colors="#475569")
-        ax.grid(True, linestyle=':', alpha=0.4, color="#94a3b8")
+        ax.set_title(f'OP(s={sigma})\nAUC={pauc:.4f}', fontsize=13, fontweight='bold')
+        ax.set_xlabel('Loss', fontsize=11); ax.set_ylabel('Density', fontsize=11)
+        ax.legend(fontsize=9); ax.tick_params(labelsize=10)
+        ax.grid(True, linestyle='--', alpha=0.3)
         ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
-        ax.spines['bottom'].set_color('#cbd5e1'); ax.spines['left'].set_color('#cbd5e1')
     plt.tight_layout()
     return fig
 
 
 def make_auc_bar():
     methods, aucs, colors = [], [], []
-    for k, n, c in [('baseline', 'Baseline', '#94a3b8'), ('smooth_0.02', 'LS(e=0.02)', '#3b82f6'),
-                     ('smooth_0.2', 'LS(e=0.2)', '#1d4ed8')]:
+    for k, n, c in [('baseline', 'Baseline', '#8C8C8C'), ('smooth_0.02', 'LS(e=0.02)', '#5B8FF9'),
+                     ('smooth_0.2', 'LS(e=0.2)', '#3D76DD')]:
         if k in mia_results: methods.append(n); aucs.append(mia_results[k]['auc']); colors.append(c)
-    for k, n, c in [('perturbation_0.01', 'OP(s=0.01)', '#34d399'), ('perturbation_0.015', 'OP(s=0.015)', '#10b981'),
-                     ('perturbation_0.02', 'OP(s=0.02)', '#059669')]:
+    for k, n, c in [('perturbation_0.01', 'OP(s=0.01)', '#5AD8A6'), ('perturbation_0.015', 'OP(s=0.015)', '#2EAD78'),
+                     ('perturbation_0.02', 'OP(s=0.02)', '#1A7F5A')]:
         if k in perturb_results: methods.append(n); aucs.append(perturb_results[k]['auc']); colors.append(c)
     fig, ax = plt.subplots(figsize=(12, 6))
-    bars = ax.bar(methods, aucs, color=colors, width=0.45, edgecolor='none')
+    bars = ax.bar(methods, aucs, color=colors, width=0.5, edgecolor='white', linewidth=1.5)
     for bar, a in zip(bars, aucs):
-        ax.text(bar.get_x()+bar.get_width()/2, bar.get_height()+0.002, f'{a:.4f}', ha='center', va='bottom', fontsize=11, fontweight='bold', color="#1e293b", family='monospace')
-    ax.axhline(y=0.5, color='#ef4444', linestyle='--', linewidth=1.5, alpha=0.8, label='Random Guess (0.5)')
-    ax.set_ylabel('MIA AUC', fontsize=12, color="#475569"); ax.set_ylim(0.48, max(aucs)+0.035)
-    ax.legend(fontsize=10, frameon=False); ax.grid(axis='y', linestyle=':', alpha=0.4, color="#94a3b8")
+        ax.text(bar.get_x()+bar.get_width()/2, bar.get_height()+0.002, f'{a:.4f}', ha='center', va='bottom', fontsize=11, fontweight='bold')
+    ax.axhline(y=0.5, color='#E86452', linestyle='--', linewidth=1.5, alpha=0.6, label='Random Guess (0.5)')
+    ax.set_ylabel('MIA AUC', fontsize=12); ax.set_ylim(0.48, max(aucs)+0.035)
+    ax.legend(fontsize=10); ax.grid(axis='y', linestyle='--', alpha=0.3)
     ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
-    ax.spines['bottom'].set_color('#cbd5e1'); ax.spines['left'].set_color('#cbd5e1')
-    plt.xticks(fontsize=11, color="#334155"); plt.tight_layout()
+    plt.xticks(fontsize=11); plt.tight_layout()
     return fig
 
 
 def make_tradeoff():
     fig, ax = plt.subplots(figsize=(10, 7))
     pts = []
-    for k, n, mk, c, sz in [('baseline','Baseline','o','#94a3b8',220), ('smooth_0.02','LS(e=0.02)','s','#3b82f6',200), ('smooth_0.2','LS(e=0.2)','s','#1d4ed8',200)]:
+    for k, n, mk, c, sz in [('baseline','Baseline','o','#8C8C8C',220), ('smooth_0.02','LS(e=0.02)','s','#5B8FF9',200), ('smooth_0.2','LS(e=0.2)','s','#3D76DD',200)]:
         if k in mia_results and k in utility_results:
             pts.append({'n':n,'a':mia_results[k]['auc'],'c':utility_results[k]['accuracy'],'m':mk,'co':c,'s':sz})
     ba = utility_results.get('baseline',{}).get('accuracy',0.633)
-    for k, n, mk, c, sz in [('perturbation_0.01','OP(s=0.01)','^','#34d399',200), ('perturbation_0.015','OP(s=0.015)','D','#10b981',160), ('perturbation_0.02','OP(s=0.02)','^','#059669',200)]:
+    for k, n, mk, c, sz in [('perturbation_0.01','OP(s=0.01)','^','#5AD8A6',200), ('perturbation_0.015','OP(s=0.015)','D','#2EAD78',160), ('perturbation_0.02','OP(s=0.02)','^','#1A7F5A',200)]:
         if k in perturb_results: pts.append({'n':n,'a':perturb_results[k]['auc'],'c':ba,'m':mk,'co':c,'s':sz})
     for p in pts:
-        ax.scatter(p['c'], p['a'], label=p['n'], marker=p['m'], color=p['co'], s=p['s'], edgecolors='white', linewidth=1.5, zorder=5)
-    ax.axhline(y=0.5, color='#cbd5e1', linestyle='--', alpha=0.8, label='Random Guess')
-    ax.set_xlabel('Utility (Accuracy)', fontsize=12, fontweight='bold', color="#475569"); ax.set_ylabel('Privacy Risk (MIA AUC)', fontsize=12, fontweight='bold', color="#475569")
-    ax.set_title('Privacy-Utility Trade-off', fontsize=14, fontweight='bold', color="#0f172a")
+        ax.scatter(p['c'], p['a'], label=p['n'], marker=p['m'], color=p['co'], s=p['s'], edgecolors='white', linewidth=2, zorder=5)
+    ax.axhline(y=0.5, color='#BFBFBF', linestyle='--', alpha=0.8, label='Random Guess')
+    ax.set_xlabel('Accuracy', fontsize=12, fontweight='bold'); ax.set_ylabel('MIA AUC', fontsize=12, fontweight='bold')
+    ax.set_title('Privacy-Utility Trade-off', fontsize=14, fontweight='bold')
     aa=[p['c'] for p in pts]; ab=[p['a'] for p in pts]
     if aa and ab: ax.set_xlim(min(aa)-0.03,max(aa)+0.05); ax.set_ylim(min(min(ab),0.5)-0.02,max(ab)+0.025)
-    ax.legend(loc='upper right', fontsize=10, frameon=True, facecolor="white", edgecolor="#e2e8f0"); ax.grid(True, linestyle=':', alpha=0.4, color="#94a3b8")
+    ax.legend(loc='upper right', fontsize=9); ax.grid(True, alpha=0.2)
     ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
-    ax.spines['bottom'].set_color('#cbd5e1'); ax.spines['left'].set_color('#cbd5e1')
-    ax.tick_params(colors="#475569")
     plt.tight_layout(); return fig
 
 
 def make_accuracy_bar():
     names, accs, colors = [], [], []
-    for k, n, c in [('baseline','Baseline','#94a3b8'), ('smooth_0.02','LS(e=0.02)','#3b82f6'), ('smooth_0.2','LS(e=0.2)','#1d4ed8')]:
+    for k, n, c in [('baseline','Baseline','#8C8C8C'), ('smooth_0.02','LS(e=0.02)','#5B8FF9'), ('smooth_0.2','LS(e=0.2)','#3D76DD')]:
         if k in utility_results: names.append(n); accs.append(utility_results[k]['accuracy']*100); colors.append(c)
     bp = utility_results.get('baseline',{}).get('accuracy',0)*100
-    for k, n, c in [('perturbation_0.01','OP(s=0.01)','#34d399'), ('perturbation_0.015','OP(s=0.015)','#10b981'), ('perturbation_0.02','OP(s=0.02)','#059669')]:
+    for k, n, c in [('perturbation_0.01','OP(s=0.01)','#5AD8A6'), ('perturbation_0.015','OP(s=0.015)','#2EAD78'), ('perturbation_0.02','OP(s=0.02)','#1A7F5A')]:
         if k in perturb_results: names.append(n); accs.append(bp); colors.append(c)
     fig, ax = plt.subplots(figsize=(12, 6))
-    bars = ax.bar(names, accs, color=colors, width=0.45, edgecolor='none')
+    bars = ax.bar(names, accs, color=colors, width=0.5, edgecolor='white', linewidth=1.5)
     for bar, acc in zip(bars, accs):
-        ax.text(bar.get_x()+bar.get_width()/2, bar.get_height()+1.0, f'{acc:.1f}%', ha='center', va='bottom', fontsize=11, fontweight='bold', color="#1e293b", family='monospace')
-    ax.set_ylabel('Accuracy (%)', fontsize=12, color="#475569"); ax.set_ylim(0, 100)
-    ax.grid(axis='y', linestyle=':', alpha=0.4, color="#94a3b8"); ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
-    ax.spines['bottom'].set_color('#cbd5e1'); ax.spines['left'].set_color('#cbd5e1')
-    plt.xticks(fontsize=11, color="#334155"); plt.tight_layout(); return fig
+        ax.text(bar.get_x()+bar.get_width()/2, bar.get_height()+0.5, f'{acc:.1f}%', ha='center', va='bottom', fontsize=11, fontweight='bold')
+    ax.set_ylabel('Accuracy (%)', fontsize=12); ax.set_ylim(0, 100)
+    ax.grid(axis='y', alpha=0.3); ax.spines['top'].set_visible(False); ax.spines['right'].set_visible(False)
+    plt.xticks(fontsize=11); plt.tight_layout(); return fig
 
 
 def make_loss_gauge(loss_val, m_mean, nm_mean, threshold, m_std, nm_std):
     fig, ax = plt.subplots(figsize=(9, 3))
     x_min = min(m_mean-3*m_std, loss_val-0.01); x_max = max(nm_mean+3*nm_std, loss_val+0.01)
-    ax.axvspan(x_min, threshold, alpha=0.08, color='#3b82f6')
-    ax.axvspan(threshold, x_max, alpha=0.08, color='#ef4444')
-    ax.axvline(x=threshold, color='#0f172a', linewidth=2, zorder=3)
-    ax.text(threshold, 1.12, 'Threshold', ha='center', va='bottom', fontsize=10, fontweight='bold', color='#0f172a', transform=ax.get_xaxis_transform())
-    ax.axvline(x=m_mean, color='#3b82f6', linewidth=1.5, linestyle='--', alpha=0.7)
-    ax.text(m_mean, -0.3, f'Member Mean\n({m_mean:.4f})', ha='center', va='top', fontsize=8, color='#2563eb', transform=ax.get_xaxis_transform(), family='monospace')
-    ax.axvline(x=nm_mean, color='#ef4444', linewidth=1.5, linestyle='--', alpha=0.7)
-    ax.text(nm_mean, -0.3, f'Non-Mem Mean\n({nm_mean:.4f})', ha='center', va='top', fontsize=8, color='#dc2626', transform=ax.get_xaxis_transform(), family='monospace')
-    mc = '#3b82f6' if loss_val < threshold else '#ef4444'
-    ax.plot(loss_val, 0.5, marker='d', markersize=14, color=mc, zorder=5, transform=ax.get_xaxis_transform())
+    ax.axvspan(x_min, threshold, alpha=0.12, color='#5B8FF9')
+    ax.axvspan(threshold, x_max, alpha=0.12, color='#E86452')
+    ax.axvline(x=threshold, color='#434343', linewidth=2, zorder=3)
+    ax.text(threshold, 1.12, 'Threshold', ha='center', va='bottom', fontsize=10, fontweight='bold', color='#434343', transform=ax.get_xaxis_transform())
+    ax.axvline(x=m_mean, color='#5B8FF9', linewidth=1.2, linestyle='--', alpha=0.6)
+    ax.text(m_mean, -0.3, f'Member\n({m_mean:.4f})', ha='center', va='top', fontsize=8, color='#5B8FF9', transform=ax.get_xaxis_transform())
+    ax.axvline(x=nm_mean, color='#E86452', linewidth=1.2, linestyle='--', alpha=0.6)
+    ax.text(nm_mean, -0.3, f'Non-Mem\n({nm_mean:.4f})', ha='center', va='top', fontsize=8, color='#E86452', transform=ax.get_xaxis_transform())
+    mc = '#5B8FF9' if loss_val < threshold else '#E86452'
+    ax.plot(loss_val, 0.5, marker='v', markersize=16, color=mc, zorder=5, transform=ax.get_xaxis_transform())
     ax.text(loss_val, 0.78, f'Loss={loss_val:.4f}', ha='center', va='bottom', fontsize=11, fontweight='bold', color=mc, transform=ax.get_xaxis_transform(),
-            bbox=dict(boxstyle='square,pad=0.4', facecolor='white', edgecolor=mc, alpha=0.95), family='monospace')
-    ax.text((x_min+threshold)/2, 0.5, 'Member Zone', ha='center', va='center', fontsize=11, color='#3b82f6', fontweight='bold', alpha=0.6, transform=ax.get_xaxis_transform())
-    ax.text((threshold+x_max)/2, 0.5, 'Non-Member Zone', ha='center', va='center', fontsize=11, color='#ef4444', fontweight='bold', alpha=0.6, transform=ax.get_xaxis_transform())
+            bbox=dict(boxstyle='round,pad=0.3', facecolor='white', edgecolor=mc, alpha=0.95))
+    ax.text((x_min+threshold)/2, 0.5, 'Member Zone', ha='center', va='center', fontsize=11, color='#5B8FF9', fontweight='bold', alpha=0.5, transform=ax.get_xaxis_transform())
+    ax.text((threshold+x_max)/2, 0.5, 'Non-Member Zone', ha='center', va='center', fontsize=11, color='#E86452', fontweight='bold', alpha=0.5, transform=ax.get_xaxis_transform())
     ax.set_xlim(x_min, x_max); ax.set_yticks([])
     for sp in ['top','right','left']: ax.spines[sp].set_visible(False)
-    ax.spines['bottom'].set_color('#cbd5e1')
-    ax.set_xlabel('Loss Value', fontsize=10, color="#475569"); plt.tight_layout(); return fig
+    ax.set_xlabel('Loss Value', fontsize=10); plt.tight_layout(); return fig
 
 
 # ========================================
@@ -270,12 +263,12 @@ def show_random_sample(data_type):
     sample = data[np.random.randint(0, len(data))]
     meta = sample['metadata']
     task_map = {'calculation':'基础计算','word_problem':'应用题','concept':'概念问答','error_correction':'错题订正'}
-    info_md = ("### 🔐 截获的隐私元数据 (Metadata)\n\n"
-        "- **姓名 / Name**: `" + clean_text(str(meta.get('name',''))) + "`\n"
-        "- **学号 / Student ID**: `" + clean_text(str(meta.get('student_id',''))) + "`\n"
-        "- **��级 / Class**: `" + clean_text(str(meta.get('class',''))) + "`\n"
-        "- **成绩 / Score**: `" + clean_text(str(meta.get('score',''))) + " 分`\n"
-        "- **类型 / Task**: `" + task_map.get(sample.get('task_type',''),'') + "`\n")
+    info_md = ("**截获的隐私元数据**\n\n"
+        "- **姓名**: " + clean_text(str(meta.get('name',''))) + "\n"
+        "- **学号**: " + clean_text(str(meta.get('student_id',''))) + "\n"
+        "- **班级**: " + clean_text(str(meta.get('class',''))) + "\n"
+        "- **成绩**: " + clean_text(str(meta.get('score',''))) + " 分\n"
+        "- **类型**: " + task_map.get(sample.get('task_type',''),'') + "\n")
     return info_md, clean_text(sample.get('question','')), clean_text(sample.get('answer',''))
 
 
@@ -334,18 +327,18 @@ def run_mia_demo(sample_index, data_type, model_choice):
     ac = "🔴" if is_member else "🟢"
 
     if attack_correct and pred_member and is_member:
-        v = "⚠️ **攻击成功: 隐私泄露判定 (Privacy Compromised)**"; vd = "系统风控日志：模型对该样本过于熟悉（Loss低于阈值），攻击者成功判定其为训练集数据。"
+        v = "⚠️ **攻击成功: 发生了隐私泄露**"; vd = "模型对该样本过于熟悉（Loss低于阈值），攻击者成功判定其为训练集数据。"
     elif attack_correct:
-        v = "✅ **拦截成功: 边界判定正确 (Boundary Secured)**"; vd = "系统风控日志：样本行为符合非成员特征，攻击者的判定与真实身份一致。"
+        v = "✅ **判断正确**"; vd = "攻击者的判定与真实身份一致。"
     else:
-        v = "🛡️ **防御生效: 攻击失误 (Attack Failed)**"; vd = "系统风控日志：攻击者的探测逻辑失效，模型成功隐藏了真实身份特征。"
-
-    result_md = (f"### {v}\n\n> {vd}\n\n"
-        "**TARGET MODEL**: `" + display_label + "` | **AUC METRIC**: `" + f"{model_auc:.4f}" + "`\n\n"
-        "| INDICATOR | PREDICTION (ATTACKER) | GROUND TRUTH (SYSTEM) |\n|---|---|---|\n"
-        "| STATUS | " + pc + " " + pl + " | " + ac + " " + al + " |\n"
-        "| METRICS | Loss: `" + f"{loss:.4f}" + "` | Threshold: `" + f"{threshold:.4f}" + "` |\n")
-    q_text = "**QUERY TRACKING ID [" + str(idx) + "] :**\n\n" + clean_text(sample.get('question',''))[:500]
+        v = "❌ **攻击失误**"; vd = "攻击者的判定与真实身份不符。"
+
+    result_md = (v + "\n\n" + vd + "\n\n"
+        "**当前攻击模型**: " + display_label + " (AUC=" + f"{model_auc:.4f}" + ")\n\n"
+        "| | 攻击者计算得出 | 系统真实身份 |\n|---|---|---|\n"
+        "| 判定 | " + pc + " " + pl + " | " + ac + " " + al + " |\n"
+        "| Loss | " + f"{loss:.4f}" + " | Threshold: " + f"{threshold:.4f}" + " |\n")
+    q_text = "**样本追踪号 [" + str(idx) + "] :**\n\n" + clean_text(sample.get('question',''))[:500]
     return q_text, gauge_fig, result_md
 
 
@@ -376,213 +369,190 @@ def run_eval_demo(eval_model):
     is_correct = q.get(model_key, q.get('baseline', False))
     icon = "✅" if is_correct else "❌"
     result_md = (
-        "### 📊 在线效用验证测试\n\n"
-        "**TARGET MODEL**: `" + eval_model + "` | **ACCURACY**: `" + f"{overall_acc:.1f}" + "%`\n\n"
-        "| 字段 (FIELD) | 数据 (DATA) |\n|---|---|\n"
-        "| TICKET ID | `#" + str(idx+1) + " / 300` |\n"
-        "| TASK TYPE | `" + q.get('type_cn', q['type']) + "` |\n"
-        "| PROMPT | " + q['question'] + " |\n"
-        "| EXPECTED | " + q['answer'] + " |\n"
-        "| RESULT | " + icon + " " + ("正确 (Correct)" if is_correct else "错误 (Incorrect)") + " |\n\n")
+        "### 测试结果\n\n"
+        "**模型**: " + eval_model + " (总体准确率: " + f"{overall_acc:.1f}" + "%)\n\n"
+        "| 项目 | 内容 |\n|---|---|\n"
+        "| 题目编号 | #" + str(idx+1) + " / 300 |\n"
+        "| 题目类型 | " + q.get('type_cn', q['type']) + " |\n"
+        "| 题目 | " + q['question'] + " |\n"
+        "| 正确答案 | " + q['answer'] + " |\n"
+        "| 模型判定 | " + icon + " " + ("正确" if is_correct else "错误") + " |\n\n")
     if eval_model.startswith("输出扰动"):
-        result_md += "> ℹ️ *SYSTEM NOTE: 输出扰动策略不改变底层权重结构，故维持基线准确率水平。*\n"
+        result_md += "> 输出扰动不改变模型参数，因此准确率与基线完全一致。\n"
     return result_md
 
 
 # ========================================
-# Interface Design (SaaS Dashboard Style)
+# Interface
 # ========================================
 
 CSS = """
-/* Import tech fonts */
-@import url('https://fonts.googleapis.com/css2?family=Fira+Code:wght@400;500;600&family=Inter:wght@400;500;600;700&display=swap');
-
-/* Global Layout & Colors */
-body { background-color: #f1f5f9 !important; font-family: 'Inter', -apple-system, sans-serif !important; }
-.gradio-container { max-width: 1280px !important; margin: auto !important; }
-
-/* Dashboard Tabs Navigation */
-.tab-nav { border-bottom: 1px solid #cbd5e1 !important; margin-bottom: 24px !important; gap: 8px !important; padding: 0 16px !important; background: transparent !important; }
-.tab-nav button { font-family: 'Inter', sans-serif !important; font-size: 14px !important; padding: 12px 24px !important; font-weight: 600 !important; color: #64748b !important; border: none !important; background: transparent !important; border-radius: 6px 6px 0 0 !important; transition: all 0.2s ease !important; letter-spacing: 0.5px !important; }
-.tab-nav button:hover { color: #0f172a !important; background: rgba(15, 23, 42, 0.04) !important; }
-.tab-nav button.selected { color: #2563eb !important; border-bottom: 2px solid #2563eb !important; background: transparent !important; }
-
-/* Dashboard Card Panels */
-.tabitem { background: #ffffff !important; border-radius: 8px !important; box-shadow: 0 4px 6px -1px rgba(0,0,0,0.05), 0 2px 4px -1px rgba(0,0,0,0.03) !important; padding: 32px !important; border: 1px solid #e2e8f0 !important; }
-
-/* Typography & Headings */
-.prose h1 { font-family: 'Inter', sans-serif !important; font-size: 1.8rem !important; color: #0f172a !important; font-weight: 800 !important; text-align: left !important; border-bottom: 1px solid #e2e8f0 !important; padding-bottom: 16px !important; margin-bottom: 24px !important; }
-.prose h2 { display: flex !important; align-items: center !important; font-size: 1.25rem !important; color: #0f172a !important; margin-top: 2rem !important; margin-bottom: 1rem !important; padding-bottom: 0 !important; border-bottom: none !important; font-weight: 700 !important; text-transform: uppercase !important; letter-spacing: 0.05em !important; }
-.prose h2::before { content: ''; display: inline-block !important; width: 4px !important; height: 18px !important; background: #2563eb !important; margin-right: 12px !important; border-radius: 2px !important; }
-.prose h3 { font-size: 1.1rem !important; color: #334155 !important; font-weight: 600 !important; margin-top: 1.5rem !important; }
-
-/* Code & Data Highlights */
-.prose code { font-family: 'Fira Code', monospace !important; font-size: 0.85em !important; background: #f1f5f9 !important; color: #0f172a !important; padding: 2px 6px !important; border-radius: 4px !important; border: 1px solid #e2e8f0 !important; }
-
-/* Modern Data Tables */
-.prose table { width: 100% !important; border-collapse: separate !important; border-spacing: 0 !important; margin: 1.5rem 0 !important; border-radius: 6px !important; overflow: hidden !important; border: 1px solid #e2e8f0 !important; font-family: 'Fira Code', monospace !important; font-size: 0.85rem !important; }
-.prose th { background: #f8fafc !important; color: #475569 !important; font-weight: 600 !important; padding: 12px 16px !important; text-align: left !important; border-bottom: 1px solid #e2e8f0 !important; text-transform: uppercase !important; letter-spacing: 0.05em !important; }
-.prose tr:nth-child(even) td { background: #ffffff !important; }
-.prose td { padding: 12px 16px !important; color: #1e293b !important; border-bottom: 1px solid #f1f5f9 !important; transition: background-color 0.2s !important; }
-.prose tr:last-child td { border-bottom: none !important; }
-.prose tr:hover td { background-color: #f8fafc !important; }
-
-/* Alert / Blockquote Panels */
-.prose blockquote { border-left: 4px solid #3b82f6 !important; background: #eff6ff !important; padding: 16px 20px !important; border-radius: 0 6px 6px 0 !important; color: #1d4ed8 !important; font-weight: 500 !important; font-size: 0.95rem !important; margin: 1.5rem 0 !important; }
-
-/* Interactive Buttons */
-button.primary { background: #0f172a !important; color: #ffffff !important; border: none !important; border-radius: 6px !important; font-family: 'Inter', sans-serif !important; font-weight: 600 !important; font-size: 14px !important; padding: 10px 20px !important; text-transform: uppercase !important; letter-spacing: 0.05em !important; transition: all 0.2s ease !important; box-shadow: 0 4px 6px -1px rgba(15, 23, 42, 0.1) !important; }
-button.primary:hover { background: #1e293b !important; transform: translateY(-1px) !important; box-shadow: 0 6px 10px -1px rgba(15, 23, 42, 0.2) !important; }
-
-/* Hide Gradio Footer */
+body { background-color: #f0f4f8 !important; }
+.gradio-container { max-width: 1200px !important; margin: auto !important; font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "PingFang SC", "Microsoft YaHei", sans-serif !important; }
+.tab-nav { border-bottom: 2px solid #e1e8f0 !important; margin-bottom: 20px !important; }
+.tab-nav button { font-size: 15px !important; padding: 14px 22px !important; font-weight: 500 !important; color: #64748b !important; border-radius: 8px 8px 0 0 !important; background: transparent !important; border: none !important; }
+.tab-nav button.selected { font-weight: 700 !important; color: #2563eb !important; border-bottom: 3px solid #2563eb !important; }
+.tabitem { background: #fff !important; border-radius: 12px !important; box-shadow: 0 4px 20px rgba(0,0,0,0.04) !important; padding: 30px !important; border: 1px solid #e2e8f0 !important; }
+.prose h1 { font-size: 2rem !important; color: #0f172a !important; font-weight: 800 !important; text-align: center !important; }
+.prose h2 { font-size: 1.35rem !important; color: #1e293b !important; margin-top: 1.5em !important; padding-bottom: 0.4em !important; border-bottom: 2px solid #f1f5f9 !important; font-weight: 700 !important; }
+.prose h3 { font-size: 1.1rem !important; color: #334155 !important; font-weight: 600 !important; }
+.prose table { width: 100% !important; border-collapse: separate !important; border-spacing: 0 !important; margin: 1.2em 0 !important; border-radius: 10px !important; overflow: hidden !important; box-shadow: 0 0 0 1px #e2e8f0, 0 4px 6px -1px rgba(0,0,0,0.05) !important; font-size: 0.9rem !important; }
+.prose th { background: #f8fafc !important; color: #475569 !important; font-weight: 600 !important; padding: 10px 14px !important; border-bottom: 2px solid #e2e8f0 !important; }
+.prose tr:nth-child(even) td { background: #f8fafc !important; }
+.prose td { padding: 9px 14px !important; color: #334155 !important; border-bottom: 1px solid #e2e8f0 !important; }
+.prose blockquote { border-left: 4px solid #3b82f6 !important; background: linear-gradient(to right,#eff6ff,#fff) !important; padding: 14px 18px !important; border-radius: 0 8px 8px 0 !important; color: #1e40af !important; }
+button.primary { background: linear-gradient(135deg,#3b82f6 0%,#2563eb 100%) !important; border: none !important; box-shadow: 0 4px 12px rgba(37,99,235,0.25) !important; font-weight: 600 !important; }
 footer { display: none !important; }
 """
 
-# 使用 Base 主题，这剥离了原本 Soft 主题那种廉价的 AI 聊天框感觉
-tech_theme = gr.themes.Base(
-    primary_hue="blue",
-    secondary_hue="slate",
-    neutral_hue="slate",
-    font=[gr.themes.GoogleFont("Inter"), "ui-sans-serif", "system-ui", "sans-serif"]
-)
+with gr.Blocks(title="教育大模型隐私攻防", theme=gr.themes.Soft(primary_hue="blue", secondary_hue="sky", neutral_hue="slate"), css=CSS) as demo:
 
-with gr.Blocks(title="AI Privacy Dashboard", theme=tech_theme, css=CSS) as demo:
+    gr.Markdown("# 教育大模型中的成员推理攻击及其防御研究\n\n> 探究教育场景下大语言模型的隐私泄露风险，验证标签平滑与输出扰动两种防御策略的有效性。\n")
 
-    gr.Markdown("# MODEL PRIVACY AUDIT DASHBOARD\n\n> 探究大语言模型的隐私泄露特征 (MIA)，定量评估防御策略 (Label Smoothing & Output Perturbation) 的干预效能。\n")
-
-    with gr.Tab("SYSTEM OVERVIEW (概览)"):
+    with gr.Tab("项目概览"):
         gr.Markdown(
-            "## 1. BACKGROUND & METRICS\n\n大语言模型在微调链路中存在敏感数据烙印。**成员推理攻击 (Membership Inference Attack, MIA)** 旨在通过探测模型置信度分布，反推数据归属，构成严重的数据合规威胁。\n\n---\n\n"
-            "## 2. PIPELINE ARCHITECTURE\n\n"
-            "| PHASE (阶段) | TARGET (目标) | METHODOLOGY (方法) |\n|------|------|------|\n"
-            "| DATA PREP | 2000 Instances | 生成结构化对话数据，注入合规高危字段 (Metadata) |\n"
-            "| BASELINE | Qwen2.5-Math-1.5B | 基于 LoRA 的标准微调指令学习 (无干预) |\n"
-            "| DEFENSE I | Label Smoothing | 对比训练平滑系数 `e=0.02` 与 `e=0.2` |\n"
-            "| DEFENSE II | Output Perturbation| 在推理端注入方差为 `s` 的高斯噪声 (Gaussian Noise) |\n"
-            "| EVALUATION | 300 Math Queries | 并行测试 3 组基座结构与 3 组扰动参数的模型效用 |\n"
-            "| ANALYSIS | Trade-off Matrix | 绘制 `Privacy-Utility` 多维权衡边界 |\n\n---\n\n"
-            "## 3. EXPERIMENT CONFIG\n\n| KEY | VALUE |\n|------|-----|\n"
-            "| BACKBONE | `" + model_name_str + "` |\n"
-            "| FINE-TUNING | `LoRA (r=8, alpha=16)` |\n| EPOCHS | `10` |\n"
-            "| DATA SIZE | `" + data_size_str + "` |\n| ACTIVE MODELS | `3` |\n")
-
-    with gr.Tab("DATA EXAMINER (数据分析)"):
-        gr.Markdown("## DATASET TOPOLOGY\n\n"
-            "- **MEMBER POOL** (`1000` instances): 模型训练特征库，为 MIA 攻击正样本。\n"
-            "- **NON-MEMBER POOL** (`1000` instances): 对照隔离区，为 MIA 攻击负样本。\n"
-            "- *Note: 两侧数据享有同态 Schema，攻击者处于完全黑盒环境 (Black-box)。*\n\n"
-            "### TASK DISTRIBUTION MATRIX\n\n"
-            "| CATEGORY | COUNT | RATIO |\n|------|------|------|\n"
-            "| 基础计算 (Calculation) | `800` | `40.0%` |\n| 应用题 (Word Problem) | `600` | `30.0%` |\n| 概念问答 (Concept QA) | `400` | `20.0%` |\n| 错题订正 (Error Correction) | `200` | `10.0%` |\n")
+            "## 研究背景\n\n大语言模型在教育领域广泛应用，训练过程不可避免接触学生敏感数据。**成员推理攻击 (MIA)** 能判断数据是否参与训练，构成隐私威胁。\n\n---\n\n"
+            "## 实验设计\n\n"
+            "| 阶段 | 内容 | 方法 |\n|------|------|------|\n"
+            "| 1. 数据准备 | 2000条小学数学辅导对话 | 模板化生成，含隐私字段 |\n"
+            "| 2. 基线模型训练 | Qwen2.5-Math-1.5B + LoRA | 标准微调，无防御 |\n"
+            "| 3. 标签平滑模型训练 | 两组平滑系数 | e=0.02 与 e=0.2 分别训练 |\n"
+            "| 4. MIA攻击测试 | 全部模型及策略 | 三模型Loss攻击 + 三组输出扰动 |\n"
+            "| 5. 效用评估 | 300道数学测试题 | 三模型 + 三组扰动分别测试 |\n"
+            "| 6. 综合分析 | 隐私-效用权衡 | 散点图 + 定量对比 |\n\n---\n\n"
+            "## 实验配置\n\n| 项目 | 值 |\n|------|-----|\n"
+            "| 基座模型 | " + model_name_str + " |\n"
+            "| 微调 | LoRA (r=8, alpha=16) |\n| 训练轮数 | 10 epochs |\n"
+            "| 数据量 | " + data_size_str + " 条 |\n| 模型数 | 3个 |\n")
+
+    with gr.Tab("数据展示"):
+        gr.Markdown("## 数据集概况\n\n"
+            "- **成员数据** (1000条): 用于模型训练，模型会\"记住\"这些数据\n"
+            "- **非成员数据** (1000条): 不参与训练，作为攻击对照组\n"
+            "- 两组数据**格式完全相同**（都含隐私字段），这是MIA实验的标准设置——攻击者无法从数据格式区分成员与非成员\n\n"
+            "### 任务类型分布\n\n"
+            "| 类型 | 数量 | 占比 |\n|------|------|------|\n"
+            "| 基础计算 | 800 | 40% |\n| 应用题 | 600 | 30% |\n| 概念问答 | 400 | 20% |\n| 错题订正 | 200 | 10% |\n")
         with gr.Row():
             with gr.Column():
-                data_sel = gr.Radio(["成员数据（训练集）","非成员数据（测试集）"], value="成员数据（训练集）", label="SELECT DATA POOL")
-                sample_btn = gr.Button("FETCH RANDOM SAMPLE", variant="primary")
+                data_sel = gr.Radio(["成员数据（训练集）","非成员数据（测试集）"], value="成员数据（训练集）", label="选择数据池")
+                sample_btn = gr.Button("随机提取", variant="primary")
                 sample_info = gr.Markdown()
             with gr.Column():
-                sample_q = gr.Textbox(label="PROMPT (INPUT)", lines=5, interactive=False)
-                sample_a = gr.Textbox(label="GROUND TRUTH (OUTPUT)", lines=5, interactive=False)
+                sample_q = gr.Textbox(label="学生提问 (Prompt)", lines=5, interactive=False)
+                sample_a = gr.Textbox(label="模型回答 (Ground Truth)", lines=5, interactive=False)
         sample_btn.click(show_random_sample, [data_sel], [sample_info, sample_q, sample_a])
 
-    with gr.Tab("MIA ATTACK WORKSPACE (攻击工作台)"):
-        gr.Markdown("## LAUNCH INFERENCE ATTACK\n\n配置攻击目标实体与数据源，系统将执行 Loss 计算并映射攻击边界。\n")
+    with gr.Tab("MIA攻击演示"):
+        gr.Markdown("## 发起成员推理攻击\n\n选择攻击目标和数据来源，系统将计算Loss并判定。\n")
         with gr.Row():
             with gr.Column():
                 atk_model = gr.Radio(["基线模型 (Baseline)","标签平滑模型 (e=0.02)","标签平滑模型 (e=0.2)",
-                    "输出扰动 (s=0.01)","输出扰动 (s=0.015)","输出扰动 (s=0.02)"], value="基线模型 (Baseline)", label="TARGET MODEL")
-                atk_type = gr.Radio(["成员数据（训练集）","非成员数据（测试集）"], value="成员数据（训练集）", label="DATA SOURCE")
-                atk_idx = gr.Slider(0, 999, step=1, value=0, label="SAMPLE POINTER (ID)")
-                atk_btn = gr.Button("EXECUTE ATTACK SCRIPT", variant="primary", size="lg")
+                    "输出扰动 (s=0.01)","输出扰动 (s=0.015)","输出扰动 (s=0.02)"], value="基线模型 (Baseline)", label="选择攻击目标")
+                atk_type = gr.Radio(["成员数据（训练集）","非成员数据（测试集）"], value="成员数据（训练集）", label="数据来源")
+                atk_idx = gr.Slider(0, 999, step=1, value=0, label="样本ID (0-999)")
+                atk_btn = gr.Button("执行成员推理攻击", variant="primary", size="lg")
                 atk_question = gr.Markdown()
             with gr.Column():
-                gr.Markdown("**ATTACK TELEMETRY (实时雷达)**")
-                atk_gauge = gr.Plot(label="Loss Distribution Radar")
+                gr.Markdown("**攻击侦测控制台**")
+                atk_gauge = gr.Plot(label="Loss分布雷达")
                 atk_result = gr.Markdown()
         atk_btn.click(run_mia_demo, [atk_idx, atk_type, atk_model], [atk_question, atk_gauge, atk_result])
 
-    with gr.Tab("DEFENSE MATRIX (防御对比)"):
-        gr.Markdown("## MITIGATION STRATEGIES\n\n"
-            "| STRATEGY | STAGE | MECHANISM | PRO (优势) | CON (局限) |\n|------|------|------|---------|--------|\n"
-            "| Label Smoothing | `Training` | 截断过度记忆特征 | AUC 降至 `" + f"{s002_auc:.4f}" + "` | 训练成本增加 |\n"
-            "| Output Perturb | `Inference` | 掩盖输出分布置信度 | AUC 降至 `" + f"{op002_auc:.4f}" + "` (零损耗) | 仅干扰统计推断 |\n")
-        gr.Markdown("### 1. AUC DEGRADATION COMPARISON"); gr.Plot(value=make_auc_bar())
-        gr.Markdown("### 2. LOSS DISTRIBUTION SHIFT (MODEL WEIGHTS)"); gr.Plot(value=make_loss_distribution())
-        gr.Markdown("### 3. LOSS DISTRIBUTION SHIFT (OUTPUT NOISE)"); gr.Plot(value=make_perturb_loss_distribution())
-        tbl = "### BENCHMARK RESULTS\n\n| STRATEGY | STAGE | AUC | ACCURACY | AUC DELTA |\n|------|------|-----|--------|--------|\n"
-        for k, n, cat in [('baseline','Baseline','N/A'),('smooth_0.02','LS(e=0.02)','Training'),('smooth_0.2','LS(e=0.2)','Training')]:
+    with gr.Tab("防御对比"):
+        gr.Markdown("## 防御策略效果对比\n\n"
+            "| 策略 | 类型 | 原理 | 实验优势 | 实验局限 |\n|------|------|------|---------|--------|\n"
+            "| 标签平滑 | 训练期 | 软化标签抑制过度记忆 | AUC降至" + f"{s002_auc:.4f}" + "(e=0.02) | 需重新训练 |\n"
+            "| 输出扰动 | 推理期 | Loss加高斯噪声 | AUC降至" + f"{op002_auc:.4f}" + "(s=0.02)，零效用损失 | 仅遮蔽统计信号 |\n")
+        gr.Markdown("### AUC对比"); gr.Plot(value=make_auc_bar())
+        gr.Markdown("### Loss分布 - 三个模型"); gr.Plot(value=make_loss_distribution())
+        gr.Markdown("### Loss分布 - 输出扰动效果"); gr.Plot(value=make_perturb_loss_distribution())
+        tbl = "### 完整结果\n\n| 策略 | 类型 | AUC | 准确率 | AUC变化 |\n|------|------|-----|--------|--------|\n"
+        for k, n, cat in [('baseline','基线','--'),('smooth_0.02','LS(e=0.02)','训练期'),('smooth_0.2','LS(e=0.2)','训练期')]:
             if k in mia_results:
                 a=mia_results[k]['auc']; acc=utility_results.get(k,{}).get('accuracy',0)*100
-                d = "`--`" if k=='baseline' else f"`{a-bl_auc:+.4f}`"
-                tbl += "| `"+n+"` | `"+cat+"` | `"+f"{a:.4f}"+"` | `"+f"{acc:.1f}"+"%` | "+d+" |\n"
+                d = "--" if k=='baseline' else f"{a-bl_auc:+.4f}"
+                tbl += "| "+n+" | "+cat+" | "+f"{a:.4f}"+" | "+f"{acc:.1f}"+"%"+" | "+d+" |\n"
         for k, n in [('perturbation_0.01','OP(s=0.01)'),('perturbation_0.015','OP(s=0.015)'),('perturbation_0.02','OP(s=0.02)')]:
             if k in perturb_results:
                 a=perturb_results[k]['auc']
-                tbl += "| `"+n+"` | `Inference` | `"+f"{a:.4f}"+"` | `"+f"{bl_acc:.1f}"+"%` (Locked) | `"+f"{a-bl_auc:+.4f}`"+" |\n"
+                tbl += "| "+n+" | 推理期 | "+f"{a:.4f}"+" | "+f"{bl_acc:.1f}"+"% (不变) | "+f"{a-bl_auc:+.4f}"+" |\n"
         gr.Markdown(tbl)
 
-    with gr.Tab("PROTOCOL DOCS (机理分析)"):
+    with gr.Tab("防御详解"):
         gr.Markdown(
-            "## 1. LABEL SMOOTHING (训练期平滑)\n\n"
-            "转换硬标签 (One-hot) 为软标签结构，从梯度层面抑制模型过拟合定势。\n\n"
-            "**ALGORITHM**: `y_smooth = (1 - e) * y_onehot + e / V`\n\n"
-            "| CONFIG | AUC | ACCURACY | BEHAVIOR |\n|------|-----|--------|------|\n"
-            "| `Baseline` | `" + f"{bl_auc:.4f}" + "` | `" + f"{bl_acc:.1f}" + "%` | 高危裸奔 |\n"
-            "| `e=0.02` | `" + f"{s002_auc:.4f}" + "` | `" + f"{s002_acc:.1f}" + "%` | 正则化增强 |\n"
-            "| `e=0.2` | `" + f"{s02_auc:.4f}" + "` | `" + f"{s02_acc:.1f}" + "%` | 防御过载 |\n\n---\n\n"
-            "## 2. OUTPUT PERTURBATION (推理期加噪)\n\n"
-            "剥离模型底座参数修改需求，在输出端挂载置信度混淆代理。\n\n"
-            "**ALGORITHM**: `L_perturbed = L_original + N(0, s^2)`\n\n"
-            "| CONFIG | AUC | DELTA | ACCURACY |\n|------|-----|---------|--------|\n"
-            "| `Baseline` | `" + f"{bl_auc:.4f}" + "` | `--` | `" + f"{bl_acc:.1f}" + "%` |\n"
-            "| `s=0.01` | `" + f"{op001_auc:.4f}" + "` | `" + f"{bl_auc-op001_auc:.4f}" + "` | `" + f"{bl_acc:.1f}" + "%` |\n"
-            "| `s=0.015` | `" + f"{op0015_auc:.4f}" + "` | `" + f"{bl_auc-op0015_auc:.4f}" + "` | `" + f"{bl_acc:.1f}" + "%` |\n"
-            "| `s=0.02` | `" + f"{op002_auc:.4f}" + "` | `" + f"{bl_auc-op002_auc:.4f}" + "` | `" + f"{bl_acc:.1f}" + "%` |\n\n---\n\n"
-            "## 3. COMPARATIVE ARCHITECTURE\n\n| METRIC | LABEL SMOOTHING | OUTPUT PERTURBATION |\n|------|---------|----------|\n"
-            "| ENTRY POINT | `Training Time` | `Inference Time` |\n| RETRAIN REQ | `Yes` | `No` |\n| UTILITY IMPACT | `Variable (can improve)` | `Zero Loss` |\n| DEFENSE CORE | `Suppress Memorization` | `Statistical Obfuscation` |\n")
-
-    with gr.Tab("UTILITY EVAL (效用监控)"):
-        gr.Markdown("## UTILITY BENCHMARK\n\n> 从 300 条基准测例集中进行流式抽样，监控模型真实推理能力。\n")
+            "## 一、标签平滑 (Label Smoothing)\n\n**类型**: 训练期防御\n\n"
+            "将训练标签从硬标签转换为软标签，降低过拟合。\n\n"
+            "**公式**: y_smooth = (1 - e) * y_onehot + e / V\n\n"
+            "其中 e 为平滑系数，V 为词汇表大小。\n\n"
+            "| 参数 | AUC | 准确率 | 分析 |\n|------|-----|--------|------|\n"
+            "| 基线 (e=0) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 无防御 |\n"
+            "| e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | 温和平滑 |\n"
+            "| e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | 强力平滑 |\n\n---\n\n"
+            "## 二、输出扰动 (Output Perturbation)\n\n**类型**: 推理期防御\n\n"
+            "在推理阶段对Loss注入高斯噪声。\n\n"
+            "**公式**: L_perturbed = L_original + N(0, s^2)\n\n"
+            "| 参数 | AUC | AUC降幅 | 准确率 |\n|------|-----|---------|--------|\n"
+            "| 基线 | " + f"{bl_auc:.4f}" + " | -- | " + f"{bl_acc:.1f}" + "% |\n"
+            "| s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_auc-op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% |\n"
+            "| s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_auc-op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% |\n"
+            "| s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_auc-op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% |\n\n---\n\n"
+            "## 三、综合对比\n\n| 维度 | 标签平滑 | 输出扰动 |\n|------|---------|----------|\n"
+            "| 作用阶段 | 训练期 | 推理期 |\n| 需要重训 | 是 | 否 |\n| 效用影响 | 取决于系数 | 无 |\n| 防御原理 | 降低记忆 | 遮蔽信号 |\n| 部署难度 | 训练介入 | 即插即用 |\n")
+
+    with gr.Tab("效用评估"):
+        gr.Markdown("## 效用评估\n\n> 从300道测试题中随机抽取，展示模型的实际作答情况。\n")
         with gr.Row():
             with gr.Column():
-                gr.Markdown("### ACCURACY RETENTION"); gr.Plot(value=make_accuracy_bar())
+                gr.Markdown("### 准确率对比"); gr.Plot(value=make_accuracy_bar())
             with gr.Column():
-                gr.Markdown("### PRIVACY-UTILITY TRADE-OFF"); gr.Plot(value=make_tradeoff())
-        gr.Markdown("### LIVE UTILITY INFERENCE")
+                gr.Markdown("### 隐私-效用权衡"); gr.Plot(value=make_tradeoff())
+        gr.Markdown("### 在线效用测试")
         with gr.Row():
             with gr.Column():
                 eval_model = gr.Radio(["基线模型 (Baseline)","标签平滑模型 (e=0.02)","标签平滑模型 (e=0.2)",
-                    "输出扰动 (s=0.01)","输出扰动 (s=0.015)","输出扰动 (s=0.02)"], value="基线模型 (Baseline)", label="SELECT PIPELINE")
-                eval_btn = gr.Button("RUN VALIDATION TASK", variant="primary")
+                    "输出扰动 (s=0.01)","输出扰动 (s=0.015)","输出扰动 (s=0.02)"], value="基线模型 (Baseline)", label="选择模型/策略")
+                eval_btn = gr.Button("随机抽题测试", variant="primary")
             with gr.Column():
                 eval_result = gr.Markdown()
         eval_btn.click(run_eval_demo, [eval_model], [eval_result])
 
-    with gr.Tab("REPORTS & VIZ (报告大盘)"):
-        gr.Markdown("## HIGH-RES EXPORT GRAPHICS")
-        for fn, cap in [("fig1_loss_distribution_comparison.png","Fig 1: Base Loss Distribution Analysis"),
-                         ("fig2_privacy_utility_tradeoff_fixed.png","Fig 2: Utility-Privacy Multi-dimensional Border"),
-                         ("fig3_defense_comparison_bar.png","Fig 3: Aggregate Defense Efficacy")]:
+    with gr.Tab("实验结果可视化"):
+        gr.Markdown("## 实验核心图表")
+        for fn, cap in [("fig1_loss_distribution_comparison.png","图1: 成员与非成员Loss分布对比"),
+                         ("fig2_privacy_utility_tradeoff_fixed.png","图2: 隐私风险与模型效用权衡"),
+                         ("fig3_defense_comparison_bar.png","图3: 各防御策略AUC对比")]:
             p = os.path.join(BASE_DIR,"figures",fn)
             if os.path.exists(p):
                 gr.Markdown("### "+cap); gr.Image(value=p, show_label=False, height=450); gr.Markdown("---")
 
-    with gr.Tab("FINAL VERDICT (结论)"):
+    with gr.Tab("研究结论"):
         gr.Markdown(
-            "## EXECUTIVE SUMMARY\n\n---\n\n"
-            "### 1. VULNERABILITY DETECTED\n\n"
-            "Baseline Pipeline AUC = **`" + f"{bl_auc:.4f}" + "`**. 成员平均 Loss (`" + f"{bl_m_mean:.4f}" + "`) 显著低于对照组 (`" + f"{bl_nm_mean:.4f}" + "`)。教育大模型底座在微调后遗留强烈的置信度印记。\n\n---\n\n"
-            "### 2. LABEL SMOOTHING (EVAL)\n\n"
-            "| CONFIG | AUC | ACCURACY | NOTE |\n|------|-----|--------|------|\n"
-            "| `Baseline` | `" + f"{bl_auc:.4f}" + "` | `" + f"{bl_acc:.1f}" + "%` | - |\n"
-            "| `e=0.02` | `" + f"{s002_auc:.4f}" + "` | `" + f"{s002_acc:.1f}" + "%` | 正则化释放泛化红利 |\n"
-            "| `e=0.2` | `" + f"{s02_auc:.4f}" + "` | `" + f"{s02_acc:.1f}" + "%` | 强防御区间 |\n\n"
-            "**结论**: 微量标签平滑表现出卓越的正向权衡。\n\n---\n\n"
-            "### 3. OUTPUT PERTURBATION (EVAL)\n\n"
-            "| CONFIG | AUC | ACCURACY |\n|------|-----|--------|\n"
-            "| `s=0.01` | `" + f"{op001_auc:.4f}" + "` | `" + f"{bl_acc:.1f}" + "%` |\n"
-            "| `s=0.02` | `" + f"{op002_auc:.4f}" + "` | `" + f"{bl_acc:.1f}" + "%` |\n\n"
-            "**结论**: 零效用磨损，部署环境的轻量级首选方案。\n")
-
-    gr.Markdown("---\n\n<center><code style='color:#94a3b8;background:transparent;border:none;'>SYSTEM BUILD: 2026.03 | ARCHITECTURE: QWEN2.5-MATH-1.5B | STATUS: OPERATIONAL</code></center>\n")
+            "## 研究结论\n\n---\n\n"
+            "### 一、教育大模型面临显著的MIA风险\n\n"
+            "基线模型 AUC = **" + f"{bl_auc:.4f}" + "**，成员平均Loss (" + f"{bl_m_mean:.4f}" + ") 低于非成员 (" + f"{bl_nm_mean:.4f}" + ")，模型对训练数据存在可被利用的记忆效应。\n\n---\n\n"
+            "### 二、标签平滑的有效性与局限性\n\n"
+            "| 参数 | AUC | 准确率 | 分析 |\n|------|-----|--------|------|\n"
+            "| 基线 (e=0) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 无防御 |\n"
+            "| e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | 正则化提升泛化 |\n"
+            "| e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | 防御更强 |\n\n"
+            "e=0.02在隐私保护与效用保持间取得较好平衡。\n\n---\n\n"
+            "### 三、输出扰动的独特优势\n\n"
+            "| 参数 | AUC | AUC降幅 | 准确率 |\n|------|-----|---------|--------|\n"
+            "| s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_auc-op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% |\n"
+            "| s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_auc-op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% |\n"
+            "| s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_auc-op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% |\n\n"
+            "零效用损失，适合已部署系统加固。\n\n---\n\n"
+            "### 四、隐私-效用权衡\n\n"
+            "| 策略 | AUC | 准确率 | AUC变化 | 效用变化 |\n|------|-----|--------|--------|--------|\n"
+            "| 基线 | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | -- | -- |\n"
+            "| LS e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | " + f"{s002_auc-bl_auc:+.4f}" + " | " + f"{s002_acc-bl_acc:+.1f}" + "pp |\n"
+            "| LS e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | " + f"{s02_auc-bl_auc:+.4f}" + " | " + f"{s02_acc-bl_acc:+.1f}" + "pp |\n"
+            "| OP s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op001_auc-bl_auc:+.4f}" + " | 0 |\n"
+            "| OP s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op0015_auc-bl_auc:+.4f}" + " | 0 |\n"
+            "| OP s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op002_auc-bl_auc:+.4f}" + " | 0 |\n\n"
+            "两类策略机制互补，可根据场景灵活选择或组合。\n")
+
+    gr.Markdown("---\n\n<center>教育大模型中的成员推理攻击及其防御思路研究</center>\n")
 
 demo.launch()