Update app.py

app.py

@@ -1,10 +1,7 @@
-# ================================================================
-# 🎓 教育大模型中的成员推理攻击及其防御研究
-#    完整演示界面 - Hugging Face Spaces 永久部署版
-# ================================================================
-
 import os
 import json
+import io
+import re
 import numpy as np
 import matplotlib
 matplotlib.use('Agg')
@@ -12,18 +9,25 @@ import matplotlib.pyplot as plt
 import gradio as gr
 
 # ========================================
-# 1. 加载所有数据
+# 1. 数据加载
 # ========================================
-
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 
 
 def load_json(path):
-    full = os.path.join(BASE_DIR, path)
-    with open(full, 'r', encoding='utf-8') as f:
+    with open(os.path.join(BASE_DIR, path), 'r', encoding='utf-8') as f:
         return json.load(f)
 
 
+def clean_text(text):
+    """清理文本中的特殊字符和emoji，防止乱码"""
+    # 移除emoji和特殊Unicode字符
+    text = re.sub(r'[\U00010000-\U0010ffff]', '', text)
+    # 移除其他可能导致乱码的字符
+    text = text.encode('utf-8', errors='ignore').decode('utf-8')
+    return text
+
+
 member_data = load_json("data/member.json")
 non_member_data = load_json("data/non_member.json")
 mia_results = load_json("results/mia_results.json")
@@ -32,7 +36,6 @@ perturb_results = load_json("results/perturbation_results.json")
 full_results = load_json("results/mia_full_results.json")
 config = load_json("config.json")
 
-# 字体
 plt.rcParams['font.sans-serif'] = ['DejaVu Sans']
 plt.rcParams['axes.unicode_minus'] = False
 
@@ -50,10 +53,12 @@ s02_acc = utility_results.get('smooth_0.2', {}).get('accuracy', 0) * 100
 
 bl_m_mean = mia_results.get('baseline', {}).get('member_loss_mean', 0.19)
 bl_nm_mean = mia_results.get('baseline', {}).get('non_member_loss_mean', 0.23)
+bl_m_std = mia_results.get('baseline', {}).get('member_loss_std', 0.03)
+bl_nm_std = mia_results.get('baseline', {}).get('non_member_loss_std', 0.03)
 
 model_name_str = config.get('model_name', 'Qwen/Qwen2.5-Math-1.5B-Instruct')
 gpu_name_str = config.get('gpu_name', 'T4')
-data_size_str = config.get('data_size', 2000)
+data_size_str = str(config.get('data_size', 2000))
 setup_date_str = config.get('setup_date', 'N/A')
 
 
@@ -74,153 +79,225 @@ def make_pie_chart():
     }
     labels = [name_map.get(k, k) for k in task_counts]
     sizes = list(task_counts.values())
-    colors = ['#FF6B6B', '#4ECDC4', '#45B7D1', '#96CEB4']
-    fig, ax = plt.subplots(figsize=(8, 6))
-    ax.pie(
+    colors = ['#5B8FF9', '#5AD8A6', '#F6BD16', '#E86452']
+    fig, ax = plt.subplots(figsize=(7, 5.5))
+    wedges, texts, autotexts = ax.pie(
         sizes, labels=labels, autopct='%1.1f%%',
-        colors=colors[:len(labels)], explode=[0.04] * len(labels),
-        shadow=True, startangle=90, textprops={'fontsize': 11}
+        colors=colors[:len(labels)],
+        startangle=90, textprops={'fontsize': 11},
+        wedgeprops={'edgecolor': 'white', 'linewidth': 2}
     )
-    ax.set_title('Task Distribution (2000 samples)', fontsize=14, fontweight='bold', pad=15)
+    for t in autotexts:
+        t.set_fontsize(11)
+        t.set_fontweight('bold')
+    ax.set_title('Task Type Distribution', fontsize=14, fontweight='bold', pad=12)
     plt.tight_layout()
     return fig
 
 
 def make_loss_distribution():
     plot_items = []
-    for k, t in [('baseline', 'Baseline'), ('smooth_0.02', 'LS e=0.02'), ('smooth_0.2', 'LS e=0.2')]:
+    for k, t in [('baseline', 'Baseline'), ('smooth_0.02', 'LS (e=0.02)'), ('smooth_0.2', 'LS (e=0.2)')]:
         if k in full_results:
             auc = mia_results.get(k, {}).get('auc', 0)
-            plot_items.append((k, t + " (AUC=" + f"{auc:.4f}" + ")"))
+            plot_items.append((k, t + " | AUC=" + f"{auc:.4f}"))
     n = len(plot_items)
     if n == 0:
         fig, ax = plt.subplots()
         ax.text(0.5, 0.5, 'No data', ha='center')
         return fig
-    fig, axes = plt.subplots(1, n, figsize=(6 * n, 5))
+    fig, axes = plt.subplots(1, n, figsize=(5.5 * n, 4.5))
     if n == 1:
         axes = [axes]
     for ax, (k, title) in zip(axes, plot_items):
         m = full_results[k]['member_losses']
         nm = full_results[k]['non_member_losses']
-        bins = np.linspace(min(min(m), min(nm)), max(max(m), max(nm)), 40)
-        ax.hist(m, bins=bins, alpha=0.55, color='#4A90D9',
-                label='Members (u=' + f"{np.mean(m):.3f}" + ')', density=True)
-        ax.hist(nm, bins=bins, alpha=0.55, color='#E74C3C',
-                label='Non-Members (u=' + f"{np.mean(nm):.3f}" + ')', density=True)
+        bins = np.linspace(min(min(m), min(nm)), max(max(m), max(nm)), 35)
+        ax.hist(m, bins=bins, alpha=0.6, color='#5B8FF9', label='Member', density=True)
+        ax.hist(nm, bins=bins, alpha=0.6, color='#E86452', label='Non-Member', density=True)
         ax.set_title(title, fontsize=12, fontweight='bold')
-        ax.set_xlabel('Loss')
-        ax.set_ylabel('Density')
-        ax.legend(fontsize=9)
-        ax.grid(True, linestyle='--', alpha=0.4)
+        ax.set_xlabel('Loss', fontsize=10)
+        ax.set_ylabel('Density', fontsize=10)
+        ax.legend(fontsize=9, framealpha=0.9)
+        ax.grid(True, linestyle='--', alpha=0.3)
+        ax.spines['top'].set_visible(False)
+        ax.spines['right'].set_visible(False)
     plt.tight_layout()
     return fig
 
 
 def make_auc_bar():
     methods, aucs, colors = [], [], []
-    for k, name, c in [('baseline', 'Baseline', '#95A5A6'), ('smooth_0.02', 'LS e=0.02', '#5B9BD5'),
-                        ('smooth_0.2', 'LS e=0.2', '#2E5FA1')]:
+    items = [
+        ('baseline', 'Baseline', '#8C8C8C'),
+        ('smooth_0.02', 'LS (e=0.02)', '#5B8FF9'),
+        ('smooth_0.2', 'LS (e=0.2)', '#3D76DD'),
+    ]
+    for k, name, c in items:
         if k in mia_results:
             methods.append(name)
             aucs.append(mia_results[k]['auc'])
             colors.append(c)
-    for k, name, c in [('perturbation_0.01', 'OP s=0.01', '#27AE60'),
-                        ('perturbation_0.015', 'OP s=0.015', '#1E8449'),
-                        ('perturbation_0.02', 'OP s=0.02', '#145A32')]:
+    p_items = [
+        ('perturbation_0.01', 'OP (s=0.01)', '#5AD8A6'),
+        ('perturbation_0.015', 'OP (s=0.015)', '#2EAD78'),
+        ('perturbation_0.02', 'OP (s=0.02)', '#1A7F5A'),
+    ]
+    for k, name, c in p_items:
         if k in perturb_results:
             methods.append(name)
             aucs.append(perturb_results[k]['auc'])
             colors.append(c)
-    fig, ax = plt.subplots(figsize=(11, 6))
-    bars = ax.bar(methods, aucs, color=colors, width=0.55, edgecolor='white', linewidth=1.5)
+    fig, ax = plt.subplots(figsize=(10, 5.5))
+    bars = ax.bar(methods, aucs, color=colors, width=0.52, edgecolor='white', linewidth=1.5)
     for bar, a in zip(bars, aucs):
-        ax.text(bar.get_x() + bar.get_width() / 2, bar.get_height() + 0.004,
-                f'{a:.3f}', ha='center', va='bottom', fontsize=13, fontweight='bold')
-    ax.axhline(y=0.5, color='red', linestyle='--', linewidth=2, label='Random Guess (0.5)')
-    ax.axhline(y=bl_auc, color='black', linestyle=':', linewidth=1.5, label='Baseline')
-    ax.set_ylabel('MIA AUC', fontsize=13)
-    ax.set_title('All Defense Mechanisms - AUC', fontsize=14, fontweight='bold')
-    ax.set_ylim(0.45, max(aucs) + 0.06 if aucs else 1.0)
-    ax.legend(fontsize=11)
-    ax.grid(axis='y', linestyle='--', alpha=0.4)
-    plt.xticks(rotation=10)
+        ax.text(bar.get_x() + bar.get_width() / 2, bar.get_height() + 0.003,
+                f'{a:.4f}', ha='center', va='bottom', fontsize=11, fontweight='bold')
+    ax.axhline(y=0.5, color='#E86452', linestyle='--', linewidth=1.5, alpha=0.7, label='Random Guess (0.5)')
+    ax.set_ylabel('MIA AUC', fontsize=12)
+    ax.set_title('Defense Mechanisms - AUC Comparison', fontsize=14, fontweight='bold')
+    ax.set_ylim(0.48, max(aucs) + 0.04 if aucs else 1.0)
+    ax.legend(fontsize=10)
+    ax.grid(axis='y', linestyle='--', alpha=0.3)
+    ax.spines['top'].set_visible(False)
+    ax.spines['right'].set_visible(False)
+    plt.xticks(rotation=8)
     plt.tight_layout()
     return fig
 
 
 def make_tradeoff():
-    fig, ax = plt.subplots(figsize=(10, 7))
+    fig, ax = plt.subplots(figsize=(9, 6.5))
     points = []
     for k, name, marker, color, sz in [
-        ('baseline', 'Baseline', 'o', 'black', 180),
-        ('smooth_0.02', 'LS e=0.02', 's', '#5B9BD5', 160),
-        ('smooth_0.2', 'LS e=0.2', 's', '#2E5FA1', 160)]:
+        ('baseline', 'Baseline', 'o', '#8C8C8C', 200),
+        ('smooth_0.02', 'LS (e=0.02)', 's', '#5B8FF9', 180),
+        ('smooth_0.2', 'LS (e=0.2)', 's', '#3D76DD', 180)]:
         if k in mia_results and k in utility_results:
             points.append({'name': name, 'auc': mia_results[k]['auc'],
                            'acc': utility_results[k]['accuracy'],
                            'marker': marker, 'color': color, 'size': sz})
     base_acc = utility_results.get('baseline', {}).get('accuracy', 0.633)
     for k, name, marker, color, sz in [
-        ('perturbation_0.01', 'OP s=0.01', '^', '#27AE60', 170),
-        ('perturbation_0.02', 'OP s=0.02', '^', '#145A32', 170)]:
+        ('perturbation_0.01', 'OP (s=0.01)', '^', '#5AD8A6', 190),
+        ('perturbation_0.02', 'OP (s=0.02)', '^', '#1A7F5A', 190)]:
         if k in perturb_results:
             points.append({'name': name, 'auc': perturb_results[k]['auc'],
                            'acc': base_acc, 'marker': marker, 'color': color, 'size': sz})
     for p in points:
         ax.scatter(p['acc'], p['auc'], label=p['name'], marker=p['marker'],
-                   color=p['color'], s=p['size'], edgecolors='white', linewidth=1.5, zorder=5)
-    ax.axhline(y=0.5, color='gray', linestyle='--', alpha=0.7, label='Random Guess (0.5)')
-    ax.set_xlabel('Accuracy', fontsize=13, fontweight='bold')
-    ax.set_ylabel('MIA AUC (Privacy Risk)', fontsize=13, fontweight='bold')
+                   color=p['color'], s=p['size'], edgecolors='white', linewidth=2, zorder=5)
+    ax.axhline(y=0.5, color='#BFBFBF', linestyle='--', alpha=0.8, label='Random Guess')
+    ax.set_xlabel('Model Utility (Accuracy)', fontsize=12, fontweight='bold')
+    ax.set_ylabel('Privacy Risk (MIA AUC)', fontsize=12, fontweight='bold')
     ax.set_title('Privacy-Utility Trade-off', fontsize=14, fontweight='bold')
     all_acc = [p['acc'] for p in points]
     all_auc = [p['auc'] for p in points]
     if all_acc and all_auc:
         ax.set_xlim(min(all_acc) - 0.03, max(all_acc) + 0.05)
-        ax.set_ylim(min(min(all_auc), 0.5) - 0.02, max(all_auc) + 0.02)
-    ax.legend(loc='upper right', frameon=True, shadow=True, fontsize=10)
-    ax.grid(True, alpha=0.3)
+        ax.set_ylim(min(min(all_auc), 0.5) - 0.02, max(all_auc) + 0.025)
+    ax.legend(loc='upper right', frameon=True, fontsize=9, fancybox=True)
+    ax.grid(True, alpha=0.2)
+    ax.spines['top'].set_visible(False)
+    ax.spines['right'].set_visible(False)
     plt.tight_layout()
     return fig
 
 
 def make_accuracy_bar():
     names, accs, colors = [], [], []
-    for k, name, c in [('baseline', 'Baseline', '#95A5A6'), ('smooth_0.02', 'LS e=0.02', '#5B9BD5'),
-                        ('smooth_0.2', 'LS e=0.2', '#2E5FA1')]:
+    for k, name, c in [('baseline', 'Baseline', '#8C8C8C'), ('smooth_0.02', 'LS (e=0.02)', '#5B8FF9'),
+                        ('smooth_0.2', 'LS (e=0.2)', '#3D76DD')]:
         if k in utility_results:
             names.append(name)
             accs.append(utility_results[k]['accuracy'] * 100)
             colors.append(c)
     base_pct = utility_results.get('baseline', {}).get('accuracy', 0) * 100
-    for k, name, c in [('perturbation_0.01', 'OP s=0.01', '#27AE60'),
-                        ('perturbation_0.02', 'OP s=0.02', '#145A32')]:
+    for k, name, c in [('perturbation_0.01', 'OP (s=0.01)', '#5AD8A6'),
+                        ('perturbation_0.02', 'OP (s=0.02)', '#1A7F5A')]:
         if k in perturb_results:
             names.append(name)
             accs.append(base_pct)
             colors.append(c)
-    fig, ax = plt.subplots(figsize=(11, 6))
+    fig, ax = plt.subplots(figsize=(10, 5.5))
     bars = ax.bar(names, accs, color=colors, width=0.5, edgecolor='white', linewidth=1.5)
     for bar, acc in zip(bars, accs):
-        ax.text(bar.get_x() + bar.get_width() / 2, bar.get_height() + 0.8,
-                f'{acc:.1f}%', ha='center', va='bottom', fontsize=13, fontweight='bold')
-    ax.set_ylabel('Accuracy (%)', fontsize=13)
+        ax.text(bar.get_x() + bar.get_width() / 2, bar.get_height() + 0.6,
+                f'{acc:.1f}%', ha='center', va='bottom', fontsize=11, fontweight='bold')
+    ax.set_ylabel('Accuracy (%)', fontsize=12)
     ax.set_title('Model Utility (300 Math Questions)', fontsize=14, fontweight='bold')
     ax.set_ylim(0, 100)
     ax.grid(axis='y', alpha=0.3)
-    plt.xticks(rotation=10)
+    ax.spines['top'].set_visible(False)
+    ax.spines['right'].set_visible(False)
+    plt.xticks(rotation=8)
+    plt.tight_layout()
+    return fig
+
+
+def make_loss_gauge(loss_val, m_mean, nm_mean, threshold):
+    """生成精致的Loss位置可视化图表（替代粗糙的ASCII字符画）"""
+    fig, ax = plt.subplots(figsize=(8, 2.5))
+
+    # 绘制底部色条
+    x_min = min(m_mean - 3 * bl_m_std, loss_val - 0.01)
+    x_max = max(nm_mean + 3 * bl_nm_std, loss_val + 0.01)
+
+    # 成员区域（蓝色渐变）
+    ax.axvspan(x_min, threshold, alpha=0.15, color='#5B8FF9')
+    # 非成员区域（红色渐变）
+    ax.axvspan(threshold, x_max, alpha=0.15, color='#E86452')
+
+    # 阈值线
+    ax.axvline(x=threshold, color='#595959', linewidth=2, linestyle='-', zorder=3)
+    ax.text(threshold, 1.15, 'Threshold', ha='center', va='bottom', fontsize=9,
+            fontweight='bold', color='#595959', transform=ax.get_xaxis_transform())
+
+    # 成员均值标记
+    ax.axvline(x=m_mean, color='#5B8FF9', linewidth=1.5, linestyle='--', alpha=0.7)
+    ax.text(m_mean, -0.25, f'Member\n({m_mean:.4f})', ha='center', va='top', fontsize=8,
+            color='#5B8FF9', transform=ax.get_xaxis_transform())
+
+    # 非成员均值标记
+    ax.axvline(x=nm_mean, color='#E86452', linewidth=1.5, linestyle='--', alpha=0.7)
+    ax.text(nm_mean, -0.25, f'Non-Member\n({nm_mean:.4f})', ha='center', va='top', fontsize=8,
+            color='#E86452', transform=ax.get_xaxis_transform())
+
+    # 当前样本标记（大箭头）
+    is_member_zone = loss_val < threshold
+    marker_color = '#5B8FF9' if is_member_zone else '#E86452'
+    ax.plot(loss_val, 0.5, marker='v', markersize=18, color=marker_color, zorder=5,
+            transform=ax.get_xaxis_transform())
+    label_text = f'Loss={loss_val:.4f}'
+    ax.text(loss_val, 0.75, label_text, ha='center', va='bottom', fontsize=10,
+            fontweight='bold', color=marker_color, transform=ax.get_xaxis_transform(),
+            bbox=dict(boxstyle='round,pad=0.3', facecolor='white', edgecolor=marker_color, alpha=0.9))
+
+    # 区域标签
+    member_center = (x_min + threshold) / 2
+    nonmember_center = (threshold + x_max) / 2
+    ax.text(member_center, 0.5, 'Member Zone', ha='center', va='center', fontsize=10,
+            color='#5B8FF9', fontweight='bold', alpha=0.6, transform=ax.get_xaxis_transform())
+    ax.text(nonmember_center, 0.5, 'Non-Member Zone', ha='center', va='center', fontsize=10,
+            color='#E86452', fontweight='bold', alpha=0.6, transform=ax.get_xaxis_transform())
+
+    ax.set_xlim(x_min, x_max)
+    ax.set_yticks([])
+    ax.spines['top'].set_visible(False)
+    ax.spines['right'].set_visible(False)
+    ax.spines['left'].set_visible(False)
+    ax.set_xlabel('Loss Value', fontsize=10)
     plt.tight_layout()
     return fig
 
 
 def risk_badge(auc_val):
     if auc_val > 0.62:
-        return "🔴 高"
+        return "High"
     elif auc_val > 0.55:
-        return "🟡 中"
+        return "Medium"
     else:
-        return "🟢 低"
+        return "Low"
 
 
 # ========================================
@@ -241,7 +318,7 @@ def show_random_sample(data_type):
         'error_correction': '错题订正'
     }
     info = (
-        "### 📋 样本元信息（隐私字段）\n\n"
+        "### 样本元信息（隐私字段）\n\n"
         "| 字段 | 值 |\n"
         "|------|-----|\n"
         "| **姓名** | " + str(meta['name']) + " |\n"
@@ -249,13 +326,12 @@ def show_random_sample(data_type):
         "| **班级** | " + str(meta['class']) + " |\n"
         "| **成绩** | " + str(meta['score']) + " 分 |\n"
         "| **任务类型** | " + task_map.get(sample['task_type'], sample['task_type']) + " |\n\n"
-        "> ⚠️ 以上就是攻击者试图推断的**学生隐私信息**！\n"
+        "> 以上即为攻击者试图推断的 **学生隐私信息**\n"
     )
-    return info, sample['question'], sample['answer']
+    return info, clean_text(sample['question']), clean_text(sample['answer'])
 
 
 def run_mia_demo(sample_index, data_type):
-    # 判断成员/非成员
     if data_type == "成员数据（训练集）":
         is_member = True
         data = member_data
@@ -266,7 +342,6 @@ def run_mia_demo(sample_index, data_type):
     idx = min(int(sample_index), len(data) - 1)
     sample = data[idx]
 
-    # 获取真实 loss
     bl = full_results.get('baseline', {})
     if is_member and idx < len(bl.get('member_losses', [])):
         loss = bl['member_losses'][idx]
@@ -283,108 +358,138 @@ def run_mia_demo(sample_index, data_type):
     actual_member = is_member
     attack_correct = (pred_member == actual_member)
 
-    # 可视化进度条
-    bar_total = 40
-    if bl_nm_mean > bl_m_mean:
-        ratio = (loss - bl_m_mean) / (bl_nm_mean - bl_m_mean)
-    else:
-        ratio = 0.5
-    ratio = max(0.0, min(1.0, ratio))
-    pos = int(bar_total * ratio)
-    bar_visual = "=" * pos + "V" + "=" * (bar_total - pos)
-
-    if pred_member:
-        position_text = "成员区（左侧）⚠️ 隐私风险"
-    else:
-        position_text = "非成员区（右侧）✅ 相对安全"
+    # 生成精致的可视化图表
+    gauge_fig = make_loss_gauge(loss, bl_m_mean, bl_nm_mean, threshold)
 
     if pred_member:
-        pred_text = "🔴 是训练成员（Loss < 阈值，模型过于熟悉）"
+        pred_text = "是训练成员（Loss < 阈值，模型过于熟悉）"
+        pred_icon = "🔴"
     else:
-        pred_text = "🟢 不是训练成员（Loss >= 阈值，模型不熟悉）"
+        pred_text = "非训练成员（Loss >= 阈值，模型不熟悉）"
+        pred_icon = "🟢"
 
     if actual_member:
-        actual_text = "🔴 是训练成员（此数据参与了训练）"
+        actual_text = "是训练成员（此数据参与了训练）"
+        actual_icon = "🔴"
     else:
-        actual_text = "🟢 不是训练成员（此数据未参与训练）"
+        actual_text = "非训练成员（此数据未参与训练）"
+        actual_icon = "🟢"
 
     if attack_correct and pred_member and actual_member:
-        result_text = "✅ **攻击成功 — 隐私泄露！**"
+        result_text = "**攻击成功 -- 隐私泄露**"
+        result_icon = "⚠️"
     elif attack_correct:
-        result_text = "✅ **判断正确**"
+        result_text = "**判断正确**"
+        result_icon = "✅"
     else:
-        result_text = "❌ **攻击失误**"
+        result_text = "**攻击失误**"
+        result_icon = "❌"
 
     if pred_member:
         warning = (
-            "⚠️ **隐私风险！** 此样本 Loss = " + f"{loss:.4f}"
-            + " 低于阈值（" + f"{threshold:.4f}"
-            + "），模型对它过于'熟悉'，学生隐私可能被推断！"
+            "> **隐私风险** : 此样本 Loss = " + f"{loss:.4f}"
+            + " 低于阈值 " + f"{threshold:.4f}"
+            + "，模型对它过于熟悉，学生隐私可能被推断。"
         )
     else:
         warning = (
-            "✅ 此样本 Loss = " + f"{loss:.4f}"
-            + " 高于阈值（" + f"{threshold:.4f}"
-            + "），模型对其无特殊记忆，隐私相对安全。"
+            "> **相对安全** : 此样本 Loss = " + f"{loss:.4f}"
+            + " 高于阈值 " + f"{threshold:.4f}"
+            + "，模型对其无特殊记忆。"
         )
 
-    viz = (
-        "    成员区（低Loss）                      非成员区（高Loss）\n"
-        "    <-----------------------|------------------------->\n"
-        "                         阈值\n"
-        "\n"
-        "    [" + bar_visual + "]\n"
-        "     |                      |                       |\n"
-        "   成员均值               阈值                  非成员均值\n"
-        "   " + f"{bl_m_mean:.4f}" + "               "
-        + f"{threshold:.4f}" + "                "
-        + f"{bl_nm_mean:.4f}" + "\n"
-        "\n"
-        "    当前 Loss = " + f"{loss:.4f}" + "\n"
-        "    位置: " + position_text + "\n"
-    )
-
     result_md = (
-        "## 🔍 MIA 攻击结果\n\n"
-        "### 📊 Loss 计算\n\n"
+        "### Loss 计算结果\n\n"
         "| 指标 | 值 |\n"
         "|------|-----|\n"
-        "| **样本 Loss** | `" + f"{loss:.6f}" + "` |\n"
-        "| **判定阈值** | `" + f"{threshold:.6f}" + "` |\n"
-        "| **成员平均 Loss** | `" + f"{bl_m_mean:.6f}" + "` |\n"
-        "| **非成员平均 Loss** | `" + f"{bl_nm_mean:.6f}" + "` |\n\n"
-        "### 📏 Loss 位置可视化\n\n"
-        "```\n"
-        + viz
-        + "```\n\n"
-        "### 🎯 攻击判定\n\n"
+        "| 样本 Loss | " + f"{loss:.6f}" + " |\n"
+        "| 判定阈值 | " + f"{threshold:.6f}" + " |\n"
+        "| 成员平均 Loss | " + f"{bl_m_mean:.6f}" + " |\n"
+        "| 非成员平均 Loss | " + f"{bl_nm_mean:.6f}" + " |\n\n"
+        "### 攻击判定\n\n"
         "| 项目 | 结果 |\n"
         "|------|------|\n"
-        "| **攻击者预测** | " + pred_text + " |\n"
-        "| **实际身份** | " + actual_text + " |\n"
-        "| **攻击结果** | " + result_text + " |\n\n"
-        "### 💡 原理说明\n\n"
-        "模型对**训练过的数据**产生**更低的 Loss**（更\"自信\"），"
-        "攻击者利用这一统计差异推断成员身份：\n\n"
-        "- Loss **低于** 阈值 " + f"{threshold:.4f}" + " → 判定为**训练成员** → ⚠️ 隐私风险\n"
-        "- Loss **高于** 阈值 " + f"{threshold:.4f}" + " → 判定为**非成员** → ✅ 相对安全\n\n"
-        + warning + "\n\n"
-        "> 📌 本演示使用实验中保存的真实 Loss 数据。\n"
+        "| 攻击者预测 | " + pred_icon + " " + pred_text + " |\n"
+        "| 实际身份 | " + actual_icon + " " + actual_text + " |\n"
+        "| 攻击结果 | " + result_icon + " " + result_text + " |\n\n"
+        + warning + "\n"
     )
 
-    question_display = "**📝 第 " + str(idx) + " 号样本：**\n\n" + sample['question'][:600]
-    return question_display, result_md
+    question_display = "**第 " + str(idx) + " 号样本 :**\n\n" + clean_text(sample['question'][:600])
+    return question_display, gauge_fig, result_md
 
 
 # ========================================
 # 4. 构建界面
 # ========================================
 
-custom_css = (
-    ".gradio-container { max-width: 1280px !important; margin: auto !important; }\n"
-    ".tab-nav button { font-size: 15px !important; padding: 10px 18px !important; font-weight: 600 !important; }\n"
-    "footer { display: none !important; }\n"
-)
+custom_css = """
+/* 整体容器 */
+.gradio-container {
+    max-width: 1200px !important;
+    margin: auto !important;
+    font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, sans-serif !important;
+}
+
+/* Tab 按钮 */
+.tab-nav button {
+    font-size: 14px !important;
+    padding: 10px 16px !important;
+    font-weight: 500 !important;
+    border-radius: 8px 8px 0 0 !important;
+}
+.tab-nav button.selected {
+    font-weight: 700 !important;
+    border-bottom: 3px solid #5B8FF9 !important;
+}
+
+/* 标题样式 */
+.prose h1 {
+    font-size: 1.8rem !important;
+    color: #1a1a2e !important;
+    border-bottom: 2px solid #5B8FF9 !important;
+    padding-bottom: 8px !important;
+}
+.prose h2 {
+    font-size: 1.35rem !important;
+    color: #16213e !important;
+    margin-top: 1.2em !important;
+}
+.prose h3 {
+    font-size: 1.1rem !important;
+    color: #0f3460 !important;
+}
+
+/* 表格美化 */
+.prose table {
+    border-collapse: collapse !important;
+    width: 100% !important;
+    font-size: 0.9rem !important;
+}
+.prose th {
+    background: #f0f5ff !important;
+    color: #1a1a2e !important;
+    font-weight: 600 !important;
+    padding: 10px 14px !important;
+}
+.prose td {
+    padding: 8px 14px !important;
+    border-bottom: 1px solid #eee !important;
+}
+
+/* 引用块 */
+.prose blockquote {
+    border-left: 4px solid #5B8FF9 !important;
+    background: #f7f9fc !important;
+    padding: 12px 16px !important;
+    margin: 12px 0 !important;
+    border-radius: 0 6px 6px 0 !important;
+}
+
+/* 隐藏底部 */
+footer { display: none !important; }
+"""
+
 
 with gr.Blocks(
     title="教育大模型隐私攻防实验",
@@ -393,88 +498,84 @@ with gr.Blocks(
 ) as demo:
 
     # ============================
-    # 顶部标题
+    # 顶部
     # ============================
     gr.Markdown(
-        "# 🎓 教育大模型中的成员推理攻击及其防御研究\n"
-        "### Membership Inference Attack & Defense in Educational LLMs\n\n"
-        "---\n\n"
-        "> **研究目标**：探究教育场景下大语言模型的隐私泄露风险，"
-        "验证**标签平滑**和**输出扰动**两种防御策略的效果与局限。\n\n"
-        "> **技术栈**：`Qwen2.5-Math-1.5B` · `LoRA微调` · `Loss-based MIA` · "
-        "`标签平滑` · `输出扰动`\n"
+        "# 教育大模型中的成员推理攻击及其防御研究\n\n"
+        "> 探究教育场景下大语言模型的隐私泄露风险，"
+        "验证 **标签平滑** 与 **输出扰动** 两种防御策略的有效性及其对模型效用的影响。\n"
     )
 
     # ============================
     # Tab 1: 项目概览
     # ============================
-    with gr.Tab("🏠 项目概览"):
+    with gr.Tab("项目概览"):
         gr.Markdown(
-            "## 📖 研究背景\n\n"
-            "随着大语言模型在教育领域广泛应用（智能辅导、个性化学习等），"
-            "模型训练不可避免地接触到学生隐私数据（姓名、学号、成绩等）。\n\n"
-            "**成员推理攻击（MIA）** 可以判断某条数据是否用于模型训练，从而推断学生隐私。\n\n"
+            "## 研究背景\n\n"
+            "随着大语言模型在教育领域的广泛应用（智能辅导系统、个性化学习推荐等），"
+            "模型训练过程中不可避免地接触到学生敏感数据。"
+            "**成员推理攻击 (Membership Inference Attack, MIA)** 可以判断某条数据是否参与了模型训练，"
+            "进而推断学生的隐私信息。\n\n"
             "---\n\n"
-            "## 🔬 研究设计\n\n"
+            "## 研究设计\n\n"
             "| 阶段 | 内容 | 说明 |\n"
             "|------|------|------|\n"
-            "| 📂 数据准备 | 2000条小学数学辅导对话 | 含姓名、学号、成绩等隐私 |\n"
-            "| 🧠 模型训练 | Qwen2.5-Math + LoRA | 基线 + 两个标签平滑模型 |\n"
-            "| ⚔️ 攻击测试 | Loss-based MIA | 基于Loss判断成员身份 |\n"
-            "| 🛡️ 训练期防御 | 标签平滑 (e=0.02, 0.2) | 训练时正则化 |\n"
-            "| 🛡️ 推理期防御 | 输出扰动 (s=0.01~0.02) | 推理时加噪声 |\n"
-            "| 📊 综合评估 | 隐私-效用权衡 | AUC + 准确率 |\n\n"
+            "| 数据准备 | 2000条小学数学辅导对话 | 含姓名、学号、班级、成绩等隐私字段 |\n"
+            "| 模型训练 | Qwen2.5-Math-1.5B + LoRA | 基线模型 + 标签平滑模型 (e=0.02, 0.2) |\n"
+            "| 攻击测试 | Loss-based MIA | 利用模型输出Loss判断成员身份 |\n"
+            "| 训练期防御 | 标签平滑 | 软化训练标签，降低模型对训练数据的记忆程度 |\n"
+            "| 推理期防御 | 输出扰动 | 在推理阶段对输出Loss添加高斯噪声 |\n"
+            "| 综合评估 | 隐私-效用权衡分析 | AUC（隐私风险）+ 准确率（模型效用）|\n\n"
             "---\n\n"
-            "## ⚙️ 实验配置\n\n"
+            "## 实验配置\n\n"
             "| 配置项 | 值 |\n"
             "|--------|-----|\n"
-            "| **基座模型** | " + model_name_str + " |\n"
-            "| **微调方法** | LoRA (r=8, alpha=16) |\n"
-            "| **训练轮数** | 10 epochs |\n"
-            "| **数据总量** | " + str(data_size_str) + " 条（成员1000 + 非成员1000）|\n"
-            "| **GPU** | " + gpu_name_str + " |\n"
-            "| **实验日期** | " + setup_date_str + " |\n\n"
+            "| 基座模型 | " + model_name_str + " |\n"
+            "| 微调方法 | LoRA (r=8, alpha=16, target: q/k/v/o_proj) |\n"
+            "| 训练轮数 | 10 epochs |\n"
+            "| 数据总量 | " + data_size_str + " 条 (成员1000 + 非成员1000) |\n"
+            "| GPU | " + gpu_name_str + " |\n\n"
             "---\n\n"
-            "## 📐 技术路线\n\n"
-            "```\n"
-            "+----------+    +-----------+    +----------+    +----------+    +----------+\n"
-            "| 数据生成  |--->| 基线训练   |--->| MIA攻击  |--->| 防御部署  |--->| 综合评估  |\n"
-            "| (2000条)  |    | (LoRA)    |    | (Loss)   |    | (LS+OP)  |    | (AUC+Acc)|\n"
-            "+----------+    +-----+-----+    +----------+    +----------+    +----------+\n"
-            "                      |                                |\n"
-            "                      +--- 标签平滑模型训练 -----------+\n"
-            "                           (e=0.02, e=0.2)\n"
-            "```\n"
+            "## 技术路线\n\n"
+            "| 步骤 | 阶段 | 方法 | 输出 |\n"
+            "|------|------|------|------|\n"
+            "| 1 | 数据生成 | 模板化生成2000条对话 | member.json + non_member.json |\n"
+            "| 2 | 基线训练 | LoRA微调Qwen2.5-Math | baseline模型 |\n"
+            "| 3 | 防御训练 | 标签平滑 (e=0.02, e=0.2) | smooth模型 x2 |\n"
+            "| 4 | MIA攻击 | 计算全量样本Loss，AUC评估 | mia_results.json |\n"
+            "| 5 | 输出扰动 | 对baseline Loss加高斯噪声 (s=0.01~0.02) | perturbation_results.json |\n"
+            "| 6 | 效用评估 | 300道数学测试题 | utility_results.json |\n"
+            "| 7 | 综合分析 | 隐私-效用权衡图 | 研究结论 |\n"
         )
 
     # ============================
     # Tab 2: 数据展示
     # ============================
-    with gr.Tab("📊 数据展示"):
+    with gr.Tab("数据展示"):
         gr.Markdown(
-            "## 📂 数据集概况\n\n"
-            "- **成员数据（训练集）**：1000条，用于训练模型\n"
-            "- **非成员数据（测试集）**：1000条，不参与训练\n"
-            "- 每条数据包含**学生隐私信息**（姓名、学号、班级、成绩）\n"
+            "## 数据集概况\n\n"
+            "- **成员数据（训练集）**: 1000条，用于模型微调训练\n"
+            "- **非成员数据（测试集）**: 1000条，不参与训练，作为MIA攻击的对照组\n"
+            "- 每条数据均包含学生隐私字段（姓名、学号、班级、成绩），模拟真实教育场景\n"
         )
 
         with gr.Row():
             with gr.Column(scale=1):
-                gr.Markdown("### 📊 任务类型分布")
+                gr.Markdown("### 任务类型分布")
                 gr.Plot(value=make_pie_chart())
             with gr.Column(scale=1):
-                gr.Markdown("### 🔍 随机查看样本")
+                gr.Markdown("### 随机查看样本")
                 data_sel = gr.Radio(
                     choices=["成员数据（训练集）", "非成员数据（测试集）"],
                     value="成员数据（训练集）",
-                    label="选择数据类型"
+                    label="数据类型"
                 )
-                sample_btn = gr.Button("🎲 随机抽取样本", variant="primary")
+                sample_btn = gr.Button("随机抽取样本", variant="primary")
 
         sample_info = gr.Markdown()
         with gr.Row():
-            sample_q = gr.Textbox(label="📝 学生提问", lines=7, interactive=False)
-            sample_a = gr.Textbox(label="💡 模型回答", lines=7, interactive=False)
+            sample_q = gr.Textbox(label="学生提问", lines=6, interactive=False)
+            sample_a = gr.Textbox(label="模型回答", lines=6, interactive=False)
 
         sample_btn.click(
             fn=show_random_sample,
@@ -483,17 +584,16 @@ with gr.Blocks(
         )
 
     # ============================
-    # Tab 3: MIA 攻击演示
+    # Tab 3: MIA攻击演示
     # ============================
-    with gr.Tab("⚔️ MIA攻击演示"):
+    with gr.Tab("MIA攻击演示"):
         gr.Markdown(
-            "## ⚔️ 实时成员推理攻击\n\n"
-            "**攻击原理**：模型对训练过的数据产生更低的Loss（更\"自信\"），"
-            "攻击者利用Loss阈值判断成员身份。\n\n"
-            "### 📌 操作步骤\n"
-            "1️⃣ 选择数据来源（成员/非成员）\n"
-            "2️⃣ 拖动滑块选择样本编号\n"
-            "3️⃣ 点击 **\"执行攻击\"** 查看结果\n"
+            "## 成员推理攻击演示\n\n"
+            "**原理**: 模型对训练过的数据产生更低的Loss，"
+            "攻击者利用Loss与阈值的比较判断样本是否为训练成员。\n\n"
+            "1. 选择数据来源 (成员 / 非成员)\n"
+            "2. 拖动滑块选择样本编号\n"
+            "3. 点击 **执行攻击**\n"
         )
 
         with gr.Row():
@@ -501,189 +601,211 @@ with gr.Blocks(
                 atk_data_type = gr.Radio(
                     choices=["成员数据（训练集）", "非成员数据（测试集）"],
                     value="成员数据（训练集）",
-                    label="📂 数据来源"
+                    label="数据来源"
                 )
                 atk_index = gr.Slider(
                     minimum=0, maximum=999, step=1, value=0,
-                    label="📌 样本编号 (0-999)"
+                    label="样本编号 (0-999)"
                 )
-                atk_btn = gr.Button("⚔️ 执行MIA攻击", variant="primary", size="lg")
+                atk_btn = gr.Button("执行MIA攻击", variant="primary", size="lg")
             with gr.Column(scale=1):
                 atk_question = gr.Markdown()
 
+        atk_gauge = gr.Plot(label="Loss位置可视化")
         atk_result = gr.Markdown()
 
         atk_btn.click(
             fn=run_mia_demo,
             inputs=[atk_index, atk_data_type],
-            outputs=[atk_question, atk_result]
+            outputs=[atk_question, atk_gauge, atk_result]
         )
 
     # ============================
     # Tab 4: 防御对比
     # ============================
-    with gr.Tab("🛡️ 防御对比"):
+    with gr.Tab("防御对比"):
         gr.Markdown(
-            "## 🛡️ 防御策略效果对比\n\n"
-            "| 策略 | 类型 | 原理 | 优点 | 缺点 |\n"
+            "## 防御策略效果对比\n\n"
+            "| 策略 | 类型 | 原理 | 优势 | 局限 |\n"
             "|------|------|------|------|------|\n"
-            "| **标签平滑** | 训练期 | 软化标签防止过拟合 | 从根源降低记忆 | 可能损失效用 |\n"
-            "| **输出扰动** | 推理期 | Loss加高斯噪声 | 零效用损失 | 只遮蔽统计信号 |\n"
+            "| 标签平滑 | 训练期 | 软化one-hot标签，抑制过拟合 | 从根���降低模型记忆 | 可能影响模型效用 |\n"
+            "| 输出扰动 | 推理期 | 对输出Loss添加高斯噪声 | 零效用损失，即插即用 | 仅遮蔽统计信号 |\n"
         )
 
         with gr.Row():
             with gr.Column():
-                gr.Markdown("### 📊 所有防御策略AUC对比")
+                gr.Markdown("### AUC对比（所有防御策略）")
                 gr.Plot(value=make_auc_bar())
             with gr.Column():
-                gr.Markdown("### 📈 Loss分布对比")
+                gr.Markdown("### Loss分布对比")
                 gr.Plot(value=make_loss_distribution())
 
-        # 结果表格
         table = (
-            "### 📋 完整实验结果\n\n"
-            "| 策略 | 类型 | AUC | 隐私风险 |\n"
+            "### 实验结果汇总\n\n"
+            "| 策略 | 类型 | AUC | 风险等级 |\n"
             "|------|------|-----|----------|\n"
         )
-        for k, name, cat in [('baseline', '基线（无防御）', '—'),
-                              ('smooth_0.02', '标签平滑 e=0.02', '训练期'),
-                              ('smooth_0.2', '标签平滑 e=0.2', '训练期')]:
+        for k, name, cat in [('baseline', '基线 (无防御)', '--'),
+                              ('smooth_0.02', '标签平滑 (e=0.02)', '训练期'),
+                              ('smooth_0.2', '标签平滑 (e=0.2)', '训练期')]:
             if k in mia_results:
                 a = mia_results[k]['auc']
-                table += "| " + name + " | " + cat + " | **" + f"{a:.4f}" + "** | " + risk_badge(a) + " |\n"
-        for k, name in [('perturbation_0.01', '输出扰动 s=0.01'),
-                         ('perturbation_0.015', '输出扰动 s=0.015'),
-                         ('perturbation_0.02', '输出扰动 s=0.02')]:
+                table += "| " + name + " | " + cat + " | " + f"{a:.4f}" + " | " + risk_badge(a) + " |\n"
+        for k, name in [('perturbation_0.01', '输出扰动 (s=0.01)'),
+                         ('perturbation_0.015', '输出扰动 (s=0.015)'),
+                         ('perturbation_0.02', '输出扰动 (s=0.02)')]:
             if k in perturb_results:
                 a = perturb_results[k]['auc']
-                table += "| " + name + " | 推理期 | **" + f"{a:.4f}" + "** | " + risk_badge(a) + " |\n"
+                table += "| " + name + " | 推理期 | " + f"{a:.4f}" + " | " + risk_badge(a) + " |\n"
         gr.Markdown(table)
 
     # ============================
-    # Tab 5: 输出扰动
+    # Tab 5: 防御详解（标签平滑 + 输出扰动）
     # ============================
-    with gr.Tab("🔊 输出扰动"):
+    with gr.Tab("防御详解"):
         gr.Markdown(
-            "## 🔊 输出扰动防御详解\n\n"
-            "### 📌 核心思想\n\n"
-            "在**推理阶段**，对模型返回的Loss值添加**高斯噪声**：\n\n"
-            "**Loss_new = Loss_original + N(0, sigma^2)**\n\n"
-            "### ✅ 最大优势\n"
-            "- **不需要重新训练模型**（部署成本为零）\n"
-            "- **不影响模型效用**（准确率完全不变）\n"
-            "- 噪声强度sigma可以动态调节\n\n"
-            "### 📊 实验结果\n\n"
-            "| sigma | AUC | 相比基线降低 | 准确率 | 说明 |\n"
-            "|-------|-----|-------------|--------|------|\n"
-            "| 0（基线）| **" + f"{bl_auc:.4f}" + "** | — | " + f"{bl_acc:.1f}" + "% | 无防御 |\n"
-            "| 0.01 | **" + f"{op001_auc:.4f}" + "** | ↓" + f"{bl_auc - op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "%（不变）| 温和 |\n"
-            "| 0.015 | **" + f"{op0015_auc:.4f}" + "** | ↓" + f"{bl_auc - op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "%（不变）| 适中 |\n"
-            "| 0.02 | **" + f"{op002_auc:.4f}" + "** | ↓" + f"{bl_auc - op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "%（不变）| **推荐** |\n\n"
-            "### 💡 核心发现\n\n"
-            "> 输出扰动 (s=0.02) 将AUC从 " + f"{bl_auc:.4f}" + " 降至 **" + f"{op002_auc:.4f}" + "**，"
-            "准确率 **" + f"{bl_acc:.1f}" + "%** 完全不变 — 真正的**零成本防御**！\n"
+            "## 防御策略详解\n\n"
+            "---\n\n"
+            "### 一、标签平滑 (Label Smoothing)\n\n"
+            "**类型** : 训练期防御\n\n"
+            "**原理** : 将训练标签从硬标签 (one-hot) 转换为软标签，"
+            "降低模型对训练样本的过度拟合程度，从而缩小成员与非成员之间的Loss差异。\n\n"
+            "**公式** : y_smooth = (1 - e) * y_onehot + e / V\n\n"
+            "其中 e 为平滑系数，V 为词汇表大小。\n\n"
+            "| 参数 | AUC | 准确率 | 分析 |\n"
+            "|------|-----|--------|------|\n"
+            "| 基线 (e=0) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 无防御，MIA风险较高 |\n"
+            "| e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | 温和防御，效用保持良好 |\n"
+            "| e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | 强力防御，AUC显著下降 |\n\n"
+            "---\n\n"
+            "### 二、输出扰动 (Output Perturbation)\n\n"
+            "**类型** : 推理期防御\n\n"
+            "**原理** : 在推理阶段对模型返回的Loss值添加高斯噪声，"
+            "模糊成员与非成员之间的统计差异，使攻击者难以准确判别。\n\n"
+            "**公式** : Loss_perturbed = Loss_original + N(0, s^2)\n\n"
+            "**核心优势** : 不修改模型参数，准确率完全不变。\n\n"
+            "| 参数 | AUC | AUC降幅 | 准确率 |\n"
+            "|------|-----|---------|--------|\n"
+            "| 基线 (s=0) | " + f"{bl_auc:.4f}" + " | -- | " + f"{bl_acc:.1f}" + "% |\n"
+            "| s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_auc - op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
+            "| s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_auc - op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
+            "| s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_auc - op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n\n"
+            "---\n\n"
+            "### 三、综合对比\n\n"
+            "| 维度 | 标签平滑 | 输出扰动 |\n"
+            "|------|---------|----------|\n"
+            "| 作用阶段 | 训练期 | 推理期 |\n"
+            "| 是否需要重训 | 是 | 否 |\n"
+            "| 对效用的影响 | 可能有影响 | 无影响 |\n"
+            "| 防御机制 | 降低过拟合 | 遮蔽统计信号 |\n"
+            "| 可叠加使用 | 是 | 是 |\n\n"
+            "> **推荐方案** : 标签平滑 (e=0.02) + 输出扰动 (s=0.02) 双重防护\n"
         )
 
     # ============================
     # Tab 6: 效用评估
     # ============================
-    with gr.Tab("📝 效用评估"):
+    with gr.Tab("效用评估"):
         gr.Markdown(
-            "## 📐 模型效用评估\n\n"
-            "> 防御不能\"只管隐私不管效果\"。本节评估各模型在 **300道数学题** 上的准确率。\n"
+            "## 模型效用评估\n\n"
+            "> 测试集: 300道数学题，覆盖基础计算、应用题、概念问答三类任务。\n"
         )
 
         with gr.Row():
             with gr.Column():
-                gr.Markdown("### 📊 准确率对比")
+                gr.Markdown("### 准确率对比")
                 gr.Plot(value=make_accuracy_bar())
             with gr.Column():
-                gr.Markdown("### ⚖️ 隐私-效用权衡")
+                gr.Markdown("### 隐私-效用权衡")
                 gr.Plot(value=make_tradeoff())
 
         ut = (
-            "### 📋 效用评估详情\n\n"
-            "| 策略 | 准确率 | AUC | 风险 | 效用影响 |\n"
-            "|------|--------|-----|------|----------|\n"
+            "### 效用评估详情\n\n"
+            "| 策略 | 准确率 | AUC | 风险等级 | 效用影响 |\n"
+            "|------|--------|-----|---------|----------|\n"
         )
-        for k, name in [('baseline', '基线'), ('smooth_0.02', '标签平滑 e=0.02'),
-                         ('smooth_0.2', '标签平滑 e=0.2')]:
+        for k, name in [('baseline', '基线'), ('smooth_0.02', '标签平滑 (e=0.02)'),
+                         ('smooth_0.2', '标签平滑 (e=0.2)')]:
             if k in utility_results and k in mia_results:
                 acc = utility_results[k]['accuracy'] * 100
                 auc = mia_results[k]['auc']
-                impact = "—" if k == 'baseline' else ("✅ 提升" if acc > bl_acc else "⚠️ 下降")
-                ut += "| " + name + " | **" + f"{acc:.1f}" + "%** | " + f"{auc:.4f}" + " | " + risk_badge(auc) + " | " + impact + " |\n"
-        for k, name in [('perturbation_0.01', '输出扰动 s=0.01'), ('perturbation_0.02', '输出扰动 s=0.02')]:
+                impact = "--" if k == 'baseline' else ("提升" if acc > bl_acc else "下降")
+                ut += "| " + name + " | " + f"{acc:.1f}" + "% | " + f"{auc:.4f}" + " | " + risk_badge(auc) + " | " + impact + " |\n"
+        for k, name in [('perturbation_0.01', '输出扰动 (s=0.01)'), ('perturbation_0.02', '输出扰动 (s=0.02)')]:
             if k in perturb_results:
-                ut += "| " + name + " | **" + f"{bl_acc:.1f}" + "%** | " + f"{perturb_results[k]['auc']:.4f}" + " | " + risk_badge(perturb_results[k]['auc']) + " | ✅ 无影响 |\n"
+                ut += "| " + name + " | " + f"{bl_acc:.1f}" + "% | " + f"{perturb_results[k]['auc']:.4f}" + " | " + risk_badge(perturb_results[k]['auc']) + " | 无影响 |\n"
         gr.Markdown(ut)
 
     # ============================
     # Tab 7: 论文图表
     # ============================
-    with gr.Tab("📄 论文图表"):
-        gr.Markdown("## 📄 学术级论文图表（300 DPI）")
-
-        for fn, cap in [("fig1_loss_distribution_comparison.png", "图1：Loss分布对比"),
-                         ("fig2_privacy_utility_tradeoff_fixed.png", "图2：隐私-效用权衡"),
-                         ("fig3_defense_comparison_bar.png", "图3：防御效果柱状图")]:
+    with gr.Tab("论文图表"):
+        gr.Markdown("## 学术图表 (300 DPI)")
+        for fn, cap in [("fig1_loss_distribution_comparison.png", "图1 : Loss分布对比"),
+                         ("fig2_privacy_utility_tradeoff_fixed.png", "图2 : 隐私-效用权衡"),
+                         ("fig3_defense_comparison_bar.png", "图3 : 防御效果柱状图")]:
             path = os.path.join(BASE_DIR, "figures", fn)
             if os.path.exists(path):
                 gr.Markdown("### " + cap)
                 gr.Image(value=path, show_label=False, height=420)
                 gr.Markdown("---")
             else:
-                gr.Markdown("### " + cap + "\n\n> ⚠️ 文件未找到：" + fn + "（不影响核心功能）")
+                gr.Markdown("### " + cap + "\n\n> 文件未找到: " + fn)
 
     # ============================
     # Tab 8: 研究结论
     # ============================
-    with gr.Tab("🎓 研究结论"):
+    with gr.Tab("研究结论"):
         gr.Markdown(
-            "## 📝 核心结论\n\n"
+            "## 研究结论\n\n"
             "---\n\n"
-            "### 发现一：MIA对教育大模型构成现实威胁\n\n"
-            "基线模型AUC = **" + f"{bl_auc:.4f}" + "**，远高于随机猜测（0.5），"
-            "攻击者可以较高概率推断学生隐私。\n\n"
-            "### 发现二：标签平滑是有效的训练期防御\n\n"
-            "| 策略 | AUC | 准确率 | 评价 |\n"
-            "|------|-----|--------|------|\n"
-            "| 基线（无防御）| " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 隐私风险高 |\n"
-            "| 标签平滑 e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | ✅ **推荐** |\n"
-            "| 标签平滑 e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | ⚠️ 防御强但效用受影响 |\n\n"
-            "### 发现三：输出扰动是零成本的推理期防御\n\n"
-            "s=0.02 将AUC从 " + f"{bl_auc:.4f}" + " 降至 **" + f"{op002_auc:.4f}" + "**，准确率**不变**。\n\n"
-            "### 发现四：双重防御可叠加使用\n\n"
-            "> **推荐方案**：标签平滑 e=0.02（训练期）+ 输出扰动 s=0.02（推理期）= **双重防护**\n\n"
+            "### 一、教育大模型面临显著的成员推理攻击风险\n\n"
+            "实验结果表明，基于Qwen2.5-Math-1.5B经LoRA微调的教育辅导模型，"
+            "在面对基于Loss的成员推理攻击时，AUC达到 **" + f"{bl_auc:.4f}" + "**，"
+            "显著高于随机猜测基准 (0.5)。这意味着攻击者仅通过观察模型对某一样本的输出置信度，"
+            "即可以高于随机的概率推断该样本是否被纳入训练集。"
+            "在教育场景中，训练数据通常包含学生的姓名、学号、学业成绩等敏感信息，"
+            "上述攻击能力构成了切实的隐私威胁。\n\n"
             "---\n\n"
-            "### 🎤 答辩话术\n\n"
-            "> \"本研究以小学数学智能辅导系统为场景，使用Qwen2.5-Math-1.5B + LoRA微调。\n"
-            "> 基线模型AUC=" + f"{bl_auc:.4f}" + "，存在显著隐私泄露风险。\n"
-            "> 通过**训练期标签平滑**(e=0.02)和**推理期输出扰动**(s=0.02)两种防御，\n"
-            "> 有效降低了攻击成功率，其中输出扰动实现了**零效用损失**。\n"
-            "> 研究揭示了教育AI领域隐私保护与模型效用之间的权衡关系。\"\n\n"
+            "### 二、标签平滑作为训练期防御策略的有效性与局限性\n\n"
+            "标签平滑通过软化训练标签分布，抑制模型对训练样本的过度拟合，"
+            "从而缩��成员与非成员之间的Loss分布差异。实验中:\n\n"
+            "- **e=0.02** (温和平滑): AUC从 " + f"{bl_auc:.4f}" + " 降至 " + f"{s002_auc:.4f}"
+            + "，准确率为 " + f"{s002_acc:.1f}" + "%，在隐私保护与效用保持之间取得了较好的平衡。\n"
+            "- **e=0.2** (强力平滑): AUC进一步降至 " + f"{s02_auc:.4f}"
+            + "，防御效果更为显著，准确率为 " + f"{s02_acc:.1f}" + "%。\n\n"
+            "该��果揭示了标签平滑系数的选取需在隐私保护强度与模型效用之间进行权衡。"
+            "过小的平滑系数防御效果有限，而过大的系数可能影响模型在下游任务上的表现。\n\n"
             "---\n\n"
-            "### 📚 创新点\n\n"
-            "1. **场景新颖** — 聚焦教育领域LLM隐私（而非通用NLP）\n"
-            "2. **双重防御** — 同时研究训练期 + 推理期防御策略\n"
-            "3. **工程可行** — 标签平滑一行代码，输出扰动一行代码\n"
-            "4. **实验完整** — 攻击 + 防御 + 效用评估 + 权衡分析\n\n"
+            "### 三、输出扰动作为推理期防御策略的独特优势\n\n"
+            "输出扰动在推理阶段对模型输出的Loss值注入高斯噪声，"
+            "其核心优势在于**完全不改变模型参数**，因此对模型效用无任何影响。实验中:\n\n"
+            "- **s=0.02**: AUC从 " + f"{bl_auc:.4f}" + " 降至 " + f"{op002_auc:.4f}"
+            + "，而准确率保持 " + f"{bl_acc:.1f}" + "% 不变。\n\n"
+            "这表明输出扰动是一种**零效用成本**的防御手段，"
+            "特别适合已部署的模型系统进行后期隐私加固，具有良好的工程实用性。\n\n"
             "---\n\n"
-            "### 🔮 未来工作\n\n"
-            "- ��索**差分隐私 (DP-SGD)** 等更强防御\n"
-            "- 测试 **Shadow Model Attack** 等更强攻击\n"
-            "- 在真实教育数据集上验证\n"
-            "- 研究**联邦学习**框架下的教育模型隐私\n"
+            "### 四、隐私-效用权衡的定量分析\n\n"
+            "综合所有实验结果，本研究揭示了教育大模型隐私保护中的核心矛盾:\n\n"
+            "| 策略 | AUC (隐私风险) | 准确率 (效用) | 特点 |\n"
+            "|------|----------------|--------------|------|\n"
+            "| 基线 (无防御) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 风险最高 |\n"
+            "| 标签平滑 e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | 训练期防御，效用保持良好 |\n"
+            "| 标签平滑 e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | 强力防御 |\n"
+            "| 输出扰动 s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 零效用损失 |\n\n"
+            "上述分析表明，将**训练期标签平滑** (e=0.02) 与**推理期输出扰动** (s=0.02) 组合使用，"
+            "可以在两个独立维度上削弱攻击者的推断能力，实现更为全面的隐私保护，"
+            "同时将效用损失控制在可接受范围内。\n"
         )
 
     # ============================
     # 底部
     # ============================
     gr.Markdown(
-        "---\n"
+        "---\n\n"
         "<center>\n\n"
-        "🎓 **教育大模型中的成员推理攻击及其防御思路研究**\n\n"
-        "`Qwen2.5-Math-1.5B` · `LoRA` · `MIA` · `标签平滑` · `输出扰动` · `Gradio`\n\n"
+        "教育大模型中的成员推理攻击及其防御思路研究\n\n"
+        "Qwen2.5-Math-1.5B | LoRA | MIA | Label Smoothing | Output Perturbation\n\n"
         "</center>\n"
     )