Update app.py

app.py

@@ -1,10 +1,6 @@
 # ================================================================
-# 🎓 教育��模型中的成员推理攻击及其防御研究
-#    Membership Inference Attack & Defense in Educational LLMs
-# ================================================================
-# 部署平台：Hugging Face Spaces (永久免费)
-# SDK：Gradio
-# 硬件：CPU basic (Free) — 不需要 GPU
+# 🎓 教育大模型中的成员推理攻击及其防御研究
+#    完整演示界面 - Hugging Face Spaces 永久部署版
 # ================================================================
 
 import os
@@ -22,179 +18,129 @@ import gradio as gr
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 
 
-def load_json(relative_path):
-    """安全加载 JSON 文件"""
-    path = os.path.join(BASE_DIR, relative_path)
-    if not os.path.exists(path):
-        raise FileNotFoundError(f"文件不存在: {path}")
-    with open(path, 'r', encoding='utf-8') as f:
+def load_json(path):
+    full = os.path.join(BASE_DIR, path)
+    with open(full, 'r', encoding='utf-8') as f:
         return json.load(f)
 
 
-# 训练/测试数据
 member_data = load_json("data/member.json")
 non_member_data = load_json("data/non_member.json")
-
-# 实验结果
 mia_results = load_json("results/mia_results.json")
 utility_results = load_json("results/utility_results.json")
 perturb_results = load_json("results/perturbation_results.json")
 full_results = load_json("results/mia_full_results.json")
-
-# 项目配置
 config = load_json("config.json")
 
-# 字体设置（兼容 Spaces 环境）
-plt.rcParams['font.sans-serif'] = ['DejaVu Sans', 'Arial', 'sans-serif']
+# 字体
+plt.rcParams['font.sans-serif'] = ['DejaVu Sans']
 plt.rcParams['axes.unicode_minus'] = False
 
+# 预取数值
+bl_auc = mia_results.get('baseline', {}).get('auc', 0)
+s002_auc = mia_results.get('smooth_0.02', {}).get('auc', 0)
+s02_auc = mia_results.get('smooth_0.2', {}).get('auc', 0)
+op001_auc = perturb_results.get('perturbation_0.01', {}).get('auc', 0)
+op0015_auc = perturb_results.get('perturbation_0.015', {}).get('auc', 0)
+op002_auc = perturb_results.get('perturbation_0.02', {}).get('auc', 0)
+
+bl_acc = utility_results.get('baseline', {}).get('accuracy', 0) * 100
+s002_acc = utility_results.get('smooth_0.02', {}).get('accuracy', 0) * 100
+s02_acc = utility_results.get('smooth_0.2', {}).get('accuracy', 0) * 100
+
+bl_m_mean = mia_results.get('baseline', {}).get('member_loss_mean', 0.19)
+bl_nm_mean = mia_results.get('baseline', {}).get('non_member_loss_mean', 0.23)
+
+model_name_str = config.get('model_name', 'Qwen/Qwen2.5-Math-1.5B-Instruct')
+gpu_name_str = config.get('gpu_name', 'T4')
+data_size_str = config.get('data_size', 2000)
+setup_date_str = config.get('setup_date', 'N/A')
+
 
 # ========================================
-# 2. 图表生成函数
+# 2. 图表函数
 # ========================================
 
 def make_pie_chart():
-    """数据集任务分布饼图"""
     task_counts = {}
     for item in member_data + non_member_data:
         t = item.get('task_type', 'unknown')
         task_counts[t] = task_counts.get(t, 0) + 1
-
     name_map = {
-        'calculation': 'Calculation (40%)',
-        'word_problem': 'Word Problem (30%)',
-        'concept': 'Concept Q&A (20%)',
-        'error_correction': 'Error Correction (10%)'
+        'calculation': 'Calculation',
+        'word_problem': 'Word Problem',
+        'concept': 'Concept Q&A',
+        'error_correction': 'Error Correction'
     }
-
     labels = [name_map.get(k, k) for k in task_counts]
     sizes = list(task_counts.values())
     colors = ['#FF6B6B', '#4ECDC4', '#45B7D1', '#96CEB4']
-
     fig, ax = plt.subplots(figsize=(8, 6))
-    wedges, texts, autotexts = ax.pie(
-        sizes,
-        labels=labels,
-        autopct='%1.1f%%',
-        colors=colors[:len(labels)],
-        explode=[0.04] * len(labels),
-        shadow=True,
-        startangle=90,
-        textprops={'fontsize': 11}
-    )
-    for t in autotexts:
-        t.set_fontsize(12)
-        t.set_fontweight('bold')
-
-    ax.set_title(
-        'Dataset Task Distribution (2000 samples)',
-        fontsize=15, fontweight='bold', pad=15
+    ax.pie(
+        sizes, labels=labels, autopct='%1.1f%%',
+        colors=colors[:len(labels)], explode=[0.04] * len(labels),
+        shadow=True, startangle=90, textprops={'fontsize': 11}
     )
+    ax.set_title('Task Distribution (2000 samples)', fontsize=14, fontweight='bold', pad=15)
     plt.tight_layout()
     return fig
 
 
 def make_loss_distribution():
-    """Loss 分布直方图（使用真实 loss 数据）"""
     plot_items = []
-    for k, t in [('baseline', 'Baseline'),
-                 ('smooth_0.02', 'Label Smoothing e=0.02'),
-                 ('smooth_0.2', 'Label Smoothing e=0.2')]:
+    for k, t in [('baseline', 'Baseline'), ('smooth_0.02', 'LS e=0.02'), ('smooth_0.2', 'LS e=0.2')]:
         if k in full_results:
             auc = mia_results.get(k, {}).get('auc', 0)
-            plot_items.append((k, f"{t}\nAUC = {auc:.4f}"))
-
+            plot_items.append((k, t + " (AUC=" + f"{auc:.4f}" + ")"))
     n = len(plot_items)
     if n == 0:
         fig, ax = plt.subplots()
-        ax.text(0.5, 0.5, 'No data available', ha='center', va='center')
+        ax.text(0.5, 0.5, 'No data', ha='center')
         return fig
-
     fig, axes = plt.subplots(1, n, figsize=(6 * n, 5))
     if n == 1:
         axes = [axes]
-
     for ax, (k, title) in zip(axes, plot_items):
-        m_losses = full_results[k]['member_losses']
-        nm_losses = full_results[k]['non_member_losses']
-
-        all_losses = m_losses + nm_losses
-        bins = np.linspace(min(all_losses), max(all_losses), 40)
-
-        ax.hist(m_losses, bins=bins, alpha=0.55, color='#4A90D9',
-                label=f'Members (u={np.mean(m_losses):.3f})', density=True)
-        ax.hist(nm_losses, bins=bins, alpha=0.55, color='#E74C3C',
-                label=f'Non-Members (u={np.mean(nm_losses):.3f})', density=True)
-
-        ax.set_title(title, fontsize=13, fontweight='bold')
-        ax.set_xlabel('Loss Value', fontsize=11)
-        ax.set_ylabel('Density', fontsize=11)
+        m = full_results[k]['member_losses']
+        nm = full_results[k]['non_member_losses']
+        bins = np.linspace(min(min(m), min(nm)), max(max(m), max(nm)), 40)
+        ax.hist(m, bins=bins, alpha=0.55, color='#4A90D9',
+                label='Members (u=' + f"{np.mean(m):.3f}" + ')', density=True)
+        ax.hist(nm, bins=bins, alpha=0.55, color='#E74C3C',
+                label='Non-Members (u=' + f"{np.mean(nm):.3f}" + ')', density=True)
+        ax.set_title(title, fontsize=12, fontweight='bold')
+        ax.set_xlabel('Loss')
+        ax.set_ylabel('Density')
         ax.legend(fontsize=9)
         ax.grid(True, linestyle='--', alpha=0.4)
-
-    plt.suptitle(
-        'Member vs Non-Member Loss Distribution',
-        fontsize=16, fontweight='bold', y=1.02
-    )
     plt.tight_layout()
     return fig
 
 
 def make_auc_bar():
-    """所有防御策略 AUC 柱状图"""
-    methods = []
-    aucs = []
-    colors = []
-
-    # MIA 模型结果
-    for k, name, c in [
-        ('baseline', 'Baseline', '#95A5A6'),
-        ('smooth_0.02', 'LS e=0.02', '#5B9BD5'),
-        ('smooth_0.2', 'LS e=0.2', '#2E5FA1'),
-    ]:
+    methods, aucs, colors = [], [], []
+    for k, name, c in [('baseline', 'Baseline', '#95A5A6'), ('smooth_0.02', 'LS e=0.02', '#5B9BD5'),
+                        ('smooth_0.2', 'LS e=0.2', '#2E5FA1')]:
         if k in mia_results:
             methods.append(name)
             aucs.append(mia_results[k]['auc'])
             colors.append(c)
-
-    # 输出扰动结果
-    for k, name, c in [
-        ('perturbation_0.01', 'OP s=0.01', '#27AE60'),
-        ('perturbation_0.015', 'OP s=0.015', '#1E8449'),
-        ('perturbation_0.02', 'OP s=0.02', '#145A32'),
-    ]:
+    for k, name, c in [('perturbation_0.01', 'OP s=0.01', '#27AE60'),
+                        ('perturbation_0.015', 'OP s=0.015', '#1E8449'),
+                        ('perturbation_0.02', 'OP s=0.02', '#145A32')]:
         if k in perturb_results:
             methods.append(name)
             aucs.append(perturb_results[k]['auc'])
             colors.append(c)
-
     fig, ax = plt.subplots(figsize=(11, 6))
-    bars = ax.bar(
-        methods, aucs, color=colors, width=0.55,
-        edgecolor='white', linewidth=1.5
-    )
-
-    # 数值标签
-    for bar, auc_val in zip(bars, aucs):
-        ax.text(
-            bar.get_x() + bar.get_width() / 2,
-            bar.get_height() + 0.004,
-            f'{auc_val:.3f}',
-            ha='center', va='bottom', fontsize=13, fontweight='bold'
-        )
-
-    # 参考线
-    baseline_auc = mia_results.get('baseline', {}).get('auc', 0.63)
-    ax.axhline(y=0.5, color='red', linestyle='--', linewidth=2,
-               label='Random Guess (AUC=0.5)')
-    ax.axhline(y=baseline_auc, color='black', linestyle=':',
-               linewidth=1.5, label='Baseline Risk')
-
-    ax.set_ylabel('MIA Attack AUC', fontsize=13)
-    ax.set_title(
-        'Comparison of All Defense Mechanisms',
-        fontsize=15, fontweight='bold'
-    )
+    bars = ax.bar(methods, aucs, color=colors, width=0.55, edgecolor='white', linewidth=1.5)
+    for bar, a in zip(bars, aucs):
+        ax.text(bar.get_x() + bar.get_width() / 2, bar.get_height() + 0.004,
+                f'{a:.3f}', ha='center', va='bottom', fontsize=13, fontweight='bold')
+    ax.axhline(y=0.5, color='red', linestyle='--', linewidth=2, label='Random Guess (0.5)')
+    ax.axhline(y=bl_auc, color='black', linestyle=':', linewidth=1.5, label='Baseline')
+    ax.set_ylabel('MIA AUC', fontsize=13)
+    ax.set_title('All Defense Mechanisms - AUC', fontsize=14, fontweight='bold')
     ax.set_ylim(0.45, max(aucs) + 0.06 if aucs else 1.0)
     ax.legend(fontsize=11)
     ax.grid(axis='y', linestyle='--', alpha=0.4)
@@ -204,71 +150,35 @@ def make_auc_bar():
 
 
 def make_tradeoff():
-    """隐私-效用权衡散点图"""
     fig, ax = plt.subplots(figsize=(10, 7))
     points = []
-
-    # MIA 模型
     for k, name, marker, color, sz in [
-        ('baseline', 'Baseline (No Defense)', 'o', 'black', 180),
-        ('smooth_0.02', 'Label Smoothing e=0.02', 's', '#5B9BD5', 160),
-        ('smooth_0.2', 'Label Smoothing e=0.2', 's', '#2E5FA1', 160),
-    ]:
+        ('baseline', 'Baseline', 'o', 'black', 180),
+        ('smooth_0.02', 'LS e=0.02', 's', '#5B9BD5', 160),
+        ('smooth_0.2', 'LS e=0.2', 's', '#2E5FA1', 160)]:
         if k in mia_results and k in utility_results:
-            points.append({
-                'name': name,
-                'auc': mia_results[k]['auc'],
-                'acc': utility_results[k]['accuracy'],
-                'marker': marker, 'color': color, 'size': sz
-            })
-
-    # 输出扰动（准确率 = 基线准确率）
+            points.append({'name': name, 'auc': mia_results[k]['auc'],
+                           'acc': utility_results[k]['accuracy'],
+                           'marker': marker, 'color': color, 'size': sz})
     base_acc = utility_results.get('baseline', {}).get('accuracy', 0.633)
     for k, name, marker, color, sz in [
-        ('perturbation_0.01', 'Output Perturb s=0.01', '^', '#27AE60', 170),
-        ('perturbation_0.02', 'Output Perturb s=0.02', '^', '#145A32', 170),
-    ]:
+        ('perturbation_0.01', 'OP s=0.01', '^', '#27AE60', 170),
+        ('perturbation_0.02', 'OP s=0.02', '^', '#145A32', 170)]:
         if k in perturb_results:
-            points.append({
-                'name': name,
-                'auc': perturb_results[k]['auc'],
-                'acc': base_acc,
-                'marker': marker, 'color': color, 'size': sz
-            })
-
+            points.append({'name': name, 'auc': perturb_results[k]['auc'],
+                           'acc': base_acc, 'marker': marker, 'color': color, 'size': sz})
     for p in points:
-        ax.scatter(
-            p['acc'], p['auc'],
-            label=p['name'], marker=p['marker'], color=p['color'],
-            s=p['size'], edgecolors='white', linewidth=1.5, zorder=5
-        )
-
-    ax.axhline(y=0.5, color='gray', linestyle='--', alpha=0.7,
-               label='Random Guess (AUC=0.5)')
-
-    ax.set_xlabel('Model Utility (Test Accuracy)', fontsize=13, fontweight='bold')
-    ax.set_ylabel('Privacy Risk (MIA AUC)', fontsize=13, fontweight='bold')
-    ax.set_title('Privacy-Utility Trade-off Analysis', fontsize=15, fontweight='bold')
-
-    # 自动坐标范围
+        ax.scatter(p['acc'], p['auc'], label=p['name'], marker=p['marker'],
+                   color=p['color'], s=p['size'], edgecolors='white', linewidth=1.5, zorder=5)
+    ax.axhline(y=0.5, color='gray', linestyle='--', alpha=0.7, label='Random Guess (0.5)')
+    ax.set_xlabel('Accuracy', fontsize=13, fontweight='bold')
+    ax.set_ylabel('MIA AUC (Privacy Risk)', fontsize=13, fontweight='bold')
+    ax.set_title('Privacy-Utility Trade-off', fontsize=14, fontweight='bold')
     all_acc = [p['acc'] for p in points]
     all_auc = [p['auc'] for p in points]
     if all_acc and all_auc:
         ax.set_xlim(min(all_acc) - 0.03, max(all_acc) + 0.05)
         ax.set_ylim(min(min(all_auc), 0.5) - 0.02, max(all_auc) + 0.02)
-
-        # 区域标注
-        ax.text(
-            min(all_acc) - 0.02, max(all_auc) + 0.01,
-            'High Risk / Low Utility', fontsize=10, color='red',
-            bbox=dict(facecolor='red', alpha=0.1)
-        )
-        ax.text(
-            max(all_acc) + 0.03, min(min(all_auc), 0.5) + 0.005,
-            'Ideal Zone', fontsize=10, color='green',
-            bbox=dict(facecolor='green', alpha=0.1)
-        )
-
     ax.legend(loc='upper right', frameon=True, shadow=True, fontsize=10)
     ax.grid(True, alpha=0.3)
     plt.tight_layout()
@@ -276,48 +186,27 @@ def make_tradeoff():
 
 
 def make_accuracy_bar():
-    """准确率对比柱状图"""
-    names = []
-    accs = []
-    colors = []
-
-    for k, name, c in [
-        ('baseline', 'Baseline', '#95A5A6'),
-        ('smooth_0.02', 'LS e=0.02', '#5B9BD5'),
-        ('smooth_0.2', 'LS e=0.2', '#2E5FA1'),
-    ]:
+    names, accs, colors = [], [], []
+    for k, name, c in [('baseline', 'Baseline', '#95A5A6'), ('smooth_0.02', 'LS e=0.02', '#5B9BD5'),
+                        ('smooth_0.2', 'LS e=0.2', '#2E5FA1')]:
         if k in utility_results:
             names.append(name)
             accs.append(utility_results[k]['accuracy'] * 100)
             colors.append(c)
-
-    # 输出扰动准确率 = 基线准确率
     base_pct = utility_results.get('baseline', {}).get('accuracy', 0) * 100
-    for k, name, c in [
-        ('perturbation_0.01', 'OP s=0.01', '#27AE60'),
-        ('perturbation_0.02', 'OP s=0.02', '#145A32'),
-    ]:
+    for k, name, c in [('perturbation_0.01', 'OP s=0.01', '#27AE60'),
+                        ('perturbation_0.02', 'OP s=0.02', '#145A32')]:
         if k in perturb_results:
             names.append(name)
             accs.append(base_pct)
             colors.append(c)
-
     fig, ax = plt.subplots(figsize=(11, 6))
-    bars = ax.bar(
-        names, accs, color=colors, width=0.5,
-        edgecolor='white', linewidth=1.5
-    )
-
+    bars = ax.bar(names, accs, color=colors, width=0.5, edgecolor='white', linewidth=1.5)
     for bar, acc in zip(bars, accs):
-        ax.text(
-            bar.get_x() + bar.get_width() / 2,
-            bar.get_height() + 0.8,
-            f'{acc:.1f}%',
-            ha='center', va='bottom', fontsize=13, fontweight='bold'
-        )
-
+        ax.text(bar.get_x() + bar.get_width() / 2, bar.get_height() + 0.8,
+                f'{acc:.1f}%', ha='center', va='bottom', fontsize=13, fontweight='bold')
     ax.set_ylabel('Accuracy (%)', fontsize=13)
-    ax.set_title('Model Utility Comparison (300 Math Questions)', fontsize=15, fontweight='bold')
+    ax.set_title('Model Utility (300 Math Questions)', fontsize=14, fontweight='bold')
     ax.set_ylim(0, 100)
     ax.grid(axis='y', alpha=0.3)
     plt.xticks(rotation=10)
@@ -325,390 +214,302 @@ def make_accuracy_bar():
     return fig
 
 
+def risk_badge(auc_val):
+    if auc_val > 0.62:
+        return "🔴 高"
+    elif auc_val > 0.55:
+        return "🟡 中"
+    else:
+        return "🟢 低"
+
+
 # ========================================
-# 3. 界面回调函数
+# 3. 回调函数
 # ========================================
 
 def show_random_sample(data_type):
-    """随机展示一条数据样本"""
-    if "member" in data_type.lower() or "成员" in data_type:
+    if data_type == "成员数据（训练集）":
         data = member_data
     else:
         data = non_member_data
-
     sample = data[np.random.randint(0, len(data))]
     meta = sample['metadata']
-
-    task_name_map = {
-        'calculation': 'Calculation (基础计算)',
-        'word_problem': 'Word Problem (应用题)',
-        'concept': 'Concept Q&A (概念问答)',
-        'error_correction': 'Error Correction (错题订正)'
+    task_map = {
+        'calculation': '基础计算',
+        'word_problem': '应用题',
+        'concept': '概念问答',
+        'error_correction': '错题订正'
     }
-
-    info = f"""### 📋 Sample Metadata (Privacy Fields)
-
-| Field | Value |
-|-------|-------|
-| **Name (姓名)** | {meta['name']} |
-| **Student ID (学号)** | {meta['student_id']} |
-| **Class (班级)** | {meta['class']} |
-| **Score (成绩)** | {meta['score']} |
-| **Task Type** | {task_name_map.get(sample['task_type'], sample['task_type'])} |
-
-> ⚠️ The above are **student privacy fields** that attackers attempt to infer!
-"""
+    info = (
+        "### 📋 样本元信息（隐私字段）\n\n"
+        "| 字段 | 值 |\n"
+        "|------|-----|\n"
+        "| **姓名** | " + str(meta['name']) + " |\n"
+        "| **学号** | " + str(meta['student_id']) + " |\n"
+        "| **班级** | " + str(meta['class']) + " |\n"
+        "| **成绩** | " + str(meta['score']) + " 分 |\n"
+        "| **任务类型** | " + task_map.get(sample['task_type'], sample['task_type']) + " |\n\n"
+        "> ⚠️ 以上就是攻击者试图推断的**学��隐私信息**！\n"
+    )
     return info, sample['question'], sample['answer']
 
 
 def run_mia_demo(sample_index, data_type):
-    """MIA 攻击演示（使用实验中保存的真实 loss 数据）"""
+    # 判断成员/非成员
+    if data_type == "成员数据（训练集）":
+        is_member = True
+        data = member_data
+    else:
+        is_member = False
+        data = non_member_data
 
-    is_member = ("Member" in data_type or "成员" in data_type)
-    idx = min(int(sample_index), 999)
-    data = member_data if is_member else non_member_data
+    idx = min(int(sample_index), len(data) - 1)
     sample = data[idx]
 
-    # 从保存的完整 loss 数据中取出对应样本的真实 loss
+    # 获取真实 loss
     bl = full_results.get('baseline', {})
     if is_member and idx < len(bl.get('member_losses', [])):
         loss = bl['member_losses'][idx]
     elif not is_member and idx < len(bl.get('non_member_losses', [])):
         loss = bl['non_member_losses'][idx]
     else:
-        # 兜底：用统计信息模拟
-        m_mean_fb = mia_results.get('baseline', {}).get('member_loss_mean', 0.19)
-        nm_mean_fb = mia_results.get('baseline', {}).get('non_member_loss_mean', 0.23)
         if is_member:
-            loss = float(np.random.normal(m_mean_fb, 0.02))
+            loss = float(np.random.normal(bl_m_mean, 0.02))
         else:
-            loss = float(np.random.normal(nm_mean_fb, 0.02))
-
-    # 计算阈值
-    m_mean = mia_results.get('baseline', {}).get('member_loss_mean', 0.19)
-    nm_mean = mia_results.get('baseline', {}).get('non_member_loss_mean', 0.23)
-    threshold = (m_mean + nm_mean) / 2.0
+            loss = float(np.random.normal(bl_nm_mean, 0.02))
 
+    threshold = (bl_m_mean + bl_nm_mean) / 2.0
     pred_member = (loss < threshold)
     actual_member = is_member
     attack_correct = (pred_member == actual_member)
 
-    # ===== Loss 位置可视化 =====
+    # 可视化进度条
     bar_total = 40
-    if nm_mean > m_mean:
-        ratio = (loss - m_mean) / (nm_mean - m_mean)
+    if bl_nm_mean > bl_m_mean:
+        ratio = (loss - bl_m_mean) / (bl_nm_mean - bl_m_mean)
     else:
         ratio = 0.5
     ratio = max(0.0, min(1.0, ratio))
     pos = int(bar_total * ratio)
+    bar_visual = "=" * pos + "V" + "=" * (bar_total - pos)
 
-    bar_left = "=" * pos
-    bar_right = "=" * (bar_total - pos)
-    bar_visual = bar_left + "V" + bar_right
-
-    # 阈值位置标记
-    threshold_pos = int(bar_total * 0.5)
-    threshold_bar = " " * threshold_pos + "|"
+    if pred_member:
+        position_text = "成员区（左侧）⚠️ 隐私风险"
+    else:
+        position_text = "非成员区（右侧）✅ 相对安全"
 
-    # 判定文字
     if pred_member:
-        pred_text = "🔴 **MEMBER** (Loss < Threshold → Model is too familiar)"
+        pred_text = "🔴 是训练成员（Loss < 阈值，模型过于熟悉）"
     else:
-        pred_text = "🟢 **NON-MEMBER** (Loss >= Threshold → Model is not familiar)"
+        pred_text = "🟢 不是训练成员（Loss >= 阈值，模型不熟悉）"
 
     if actual_member:
-        actual_text = "🔴 **MEMBER** (This data WAS used in training)"
+        actual_text = "🔴 是训练成员（此数据参与了训练）"
     else:
-        actual_text = "🟢 **NON-MEMBER** (This data was NOT used in training)"
+        actual_text = "🟢 不是训练成员（此数据未参与训练）"
 
     if attack_correct and pred_member and actual_member:
-        result_text = "✅ **ATTACK SUCCESS — Privacy Leaked!**"
-        result_emoji = "⚠️"
+        result_text = "✅ **攻击成功 — 隐私泄露！**"
     elif attack_correct:
-        result_text = "✅ **Correct Judgment**"
-        result_emoji = "✅"
+        result_text = "✅ **判断正确**"
     else:
-        result_text = "❌ **Attack Failed**"
-        result_emoji = "❌"
-
-    result_md = f"""## 🔍 MIA Attack Result
-
- # ===== Build the visualization block as a separate string =====
-    viz_block = (
-        "    Member Zone (Low Loss)              Non-Member Zone (High Loss)\n"
-        "    <--------------------|----------------------->\n"
-        "                     Threshold\n"
-        "\n"
-        f"    [{bar_visual}]\n"
-        "     |                    |                     |\n"
-        "   Member Mean        Threshold           Non-Member Mean\n"
-        f"   {m_mean:.4f}             {threshold:.4f}              {nm_mean:.4f}\n"
-        "\n"
-        f"    Current Loss = {loss:.4f}\n"
-        f"    Position: {position_text}\n"
-    )
+        result_text = "❌ **攻击失误**"
 
-    # ===== Build the warning/safe message =====
     if pred_member:
-        warning_msg = (
-            f"⚠️ **Privacy Risk!** This sample Loss = {loss:.4f} "
-            f"is BELOW the threshold ({threshold:.4f}). "
-            "The model 'remembers' this data — student privacy may be compromised!"
+        warning = (
+            "⚠️ **隐私风险！** 此样本 Loss = " + f"{loss:.4f}"
+            + " 低于阈值（" + f"{threshold:.4f}"
+            + "），模型对它过于'熟悉'，学生隐私可能被推断！"
         )
     else:
-        warning_msg = (
-            f"✅ This sample Loss = {loss:.4f} "
-            f"is ABOVE the threshold ({threshold:.4f}). "
-            "The model shows no special memorization of this data."
+        warning = (
+            "✅ 此样本 Loss = " + f"{loss:.4f}"
+            + " 高于阈值（" + f"{threshold:.4f}"
+            + "），模型对其无特殊记忆，隐私相对安全。"
         )
 
-    # ===== Assemble the final Markdown =====
+    viz = (
+        "    成员区（低Loss）                      非成员区（高Loss）\n"
+        "    <-----------------------|------------------------->\n"
+        "                         阈值\n"
+        "\n"
+        "    [" + bar_visual + "]\n"
+        "     |                      |                       |\n"
+        "   成员均值               阈值                  非成员均值\n"
+        "   " + f"{bl_m_mean:.4f}" + "               "
+        + f"{threshold:.4f}" + "                "
+        + f"{bl_nm_mean:.4f}" + "\n"
+        "\n"
+        "    当前 Loss = " + f"{loss:.4f}" + "\n"
+        "    位置: " + position_text + "\n"
+    )
+
     result_md = (
-        "## 🔍 MIA Attack Result\n\n"
-        "### 📊 Loss Computation\n\n"
-        "| Metric | Value |\n"
-        "|--------|-------|\n"
-        f"| **Sample Loss** | `{loss:.6f}` |\n"
-        f"| **Decision Threshold** | `{threshold:.6f}` |\n"
-        f"| **Member Mean Loss** | `{m_mean:.6f}` |\n"
-        f"| **Non-Member Mean Loss** | `{nm_mean:.6f}` |\n\n"
-        "### 📏 Loss Position Visualization\n\n"
+        "## 🔍 MIA 攻击结果\n\n"
+        "### 📊 Loss 计算\n\n"
+        "| 指标 | 值 |\n"
+        "|------|-----|\n"
+        "| **样本 Loss** | `" + f"{loss:.6f}" + "` |\n"
+        "| **判定阈值** | `" + f"{threshold:.6f}" + "` |\n"
+        "| **成员平均 Loss** | `" + f"{bl_m_mean:.6f}" + "` |\n"
+        "| **非成员平均 Loss** | `" + f"{bl_nm_mean:.6f}" + "` |\n\n"
+        "### 📏 Loss ��置可视化\n\n"
         "```\n"
-        f"{viz_block}"
-        "```\n\n"
-        "### 🎯 Attack Judgment\n\n"
-        "| Item | Result |\n"
-        "|------|--------|\n"
-        f"| **Attacker Prediction** | {result_icon} {pred_text} |\n"
-        f"| **Actual Identity** | {actual_text} |\n"
-        f"| **Attack Outcome** | {result_icon} **{result_text}** |\n\n"
-        "### 💡 How It Works\n\n"
-        "The model produces **lower Loss** on data it was **trained on** "
-        "(it's more \"confident\"). The attacker exploits this statistical difference:\n\n"
-        f"- Loss **below** threshold `{threshold:.4f}` → Predicted as **training member** → ⚠️ Privacy risk\n"
-        f"- Loss **above** threshold `{threshold:.4f}` → Predicted as **non-member** → ✅ Relatively safe\n\n"
-        f"{warning_msg}\n\n"
-        "> 📌 *This demo uses real Loss values saved from the experiment (not real-time inference).*\n"
+        + viz
+        + "```\n\n"
+        "### 🎯 攻击判定\n\n"
+        "| 项目 | 结果 |\n"
+        "|------|------|\n"
+        "| **攻击者预测** | " + pred_text + " |\n"
+        "| **实际身份** | " + actual_text + " |\n"
+        "| **攻击结果** | " + result_text + " |\n\n"
+        "### 💡 原理说明\n\n"
+        "模型对**训练过的数据**产生**更低的 Loss**（更\"自信\"），"
+        "攻击者利用这一统计差异推断成员身份：\n\n"
+        "- Loss **低于** 阈值 " + f"{threshold:.4f}" + " → 判定为**训练成员** → ⚠️ 隐私风险\n"
+        "- Loss **高于** 阈值 " + f"{threshold:.4f}" + " → 判定为**非成员** → ✅ 相对安全\n\n"
+        + warning + "\n\n"
+        "> 📌 本演示使用实验中保存的真实 Loss 数据。\n"
     )
 
-    question_display = f"**📝 Sample #{idx}:**\n\n{sample['question'][:600]}"
-    return question_display, result_md
-    
-### 🎯 Attack Judgment
-
-| Item | Result |
-|------|--------|
-| **Attacker Prediction** | {pred_text} |
-| **Actual Identity** | {actual_text} |
-| **Attack Outcome** | {result_emoji} {result_text} |
-
-### 💡 How It Works
-
-The model produces **lower Loss** on data it was **trained on** (it's more "confident").
-The attacker exploits this statistical difference:
-
-- Loss **below** threshold `{threshold:.4f}` → Predicted as **training member** → ⚠️ Privacy risk
-- Loss **above** threshold `{threshold:.4f}` → Predicted as **non-member** → ✅ Relatively safe
-
-{"⚠️ **Privacy Risk!** This sample's Loss = " + f"{loss:.4f}" + " is BELOW the threshold. The model 'remembers' this data — student privacy may be compromised!" if pred_member else "✅ This sample's Loss = " + f"{loss:.4f}" + " is ABOVE the threshold. The model shows no special memorization of this data."}
-
-> 📌 *This demo uses real Loss values saved from the experiment (not real-time inference).*
-"""
-
-    question_display = f"**📝 Sample #{idx}:**\n\n{sample['question'][:600]}"
+    question_display = "**📝 第 " + str(idx) + " 号样本：**\n\n" + sample['question'][:600]
     return question_display, result_md
 
 
 # ========================================
-# 4. 构建完整 Gradio 界面
+# 4. 构建界面
 # ========================================
 
-custom_css = """
-.gradio-container {
-    max-width: 1280px !important;
-    margin: auto !important;
-}
-.tab-nav button {
-    font-size: 15px !important;
-    padding: 10px 18px !important;
-    font-weight: 600 !important;
-}
-footer {
-    display: none !important;
-}
-"""
-
-# 预先取出常用数值（避免在 Markdown 中报错）
-bl_auc = mia_results.get('baseline', {}).get('auc', 0)
-s002_auc = mia_results.get('smooth_0.02', {}).get('auc', 0)
-s02_auc = mia_results.get('smooth_0.2', {}).get('auc', 0)
-op001_auc = perturb_results.get('perturbation_0.01', {}).get('auc', 0)
-op0015_auc = perturb_results.get('perturbation_0.015', {}).get('auc', 0)
-op002_auc = perturb_results.get('perturbation_0.02', {}).get('auc', 0)
-
-bl_acc = utility_results.get('baseline', {}).get('accuracy', 0) * 100
-s002_acc = utility_results.get('smooth_0.02', {}).get('accuracy', 0) * 100
-s02_acc = utility_results.get('smooth_0.2', {}).get('accuracy', 0) * 100
-
-model_name_str = config.get('model_name', 'Qwen/Qwen2.5-Math-1.5B-Instruct')
-gpu_name_str = config.get('gpu_name', 'T4')
-data_size_str = config.get('data_size', 2000)
-setup_date_str = config.get('setup_date', 'N/A')
-
+custom_css = (
+    ".gradio-container { max-width: 1280px !important; margin: auto !important; }\n"
+    ".tab-nav button { font-size: 15px !important; padding: 10px 18px !important; font-weight: 600 !important; }\n"
+    "footer { display: none !important; }\n"
+)
 
 with gr.Blocks(
-    title="Education LLM Privacy Attack & Defense",
-    theme=gr.themes.Soft(
-        primary_hue="blue",
-        secondary_hue="sky",
-        neutral_hue="slate"
-    ),
+    title="教育大模型隐私攻防实验",
+    theme=gr.themes.Soft(primary_hue="blue", secondary_hue="sky", neutral_hue="slate"),
     css=custom_css
 ) as demo:
 
     # ============================
-    # Header
+    # 顶部标题
     # ============================
-    gr.Markdown(f"""
-# 🎓 Membership Inference Attack & Defense in Educational LLMs
-### 教育大模型中的成员推理攻击及其防御研究
-
----
-
-> **Goal**: Investigate privacy leakage risks in educational LLMs and evaluate **Label Smoothing** + **Output Perturbation** as defense strategies.
-
-> **Tech Stack**: `Qwen2.5-Math-1.5B` · `LoRA Fine-tuning` · `Loss-based MIA` · `Label Smoothing` · `Output Perturbation`
-    """)
+    gr.Markdown(
+        "# 🎓 教育大模型中的成员推理攻击及其防御研究\n"
+        "### Membership Inference Attack & Defense in Educational LLMs\n\n"
+        "---\n\n"
+        "> **研究目标**：探究教育场景下大语言模型的隐私泄露风险，"
+        "验证**标签平滑**和**输出扰动**两种防御策略的效果与局限。\n\n"
+        "> **技术栈**：`Qwen2.5-Math-1.5B` · `LoRA微调` · `Loss-based MIA` · "
+        "`标签平滑` · `输出扰动`\n"
+    )
 
     # ============================
-    # Tab 1: Project Overview
+    # Tab 1: 项目概览
     # ============================
-    with gr.Tab("🏠 Project Overview"):
-
-        overview_md = (
-            "## 📖 Research Background\n\n"
-            "As LLMs are increasingly deployed in education (tutoring systems, personalized learning),\n"
-            "they inevitably process student **private data** (names, IDs, grades).\n\n"
-            "**Membership Inference Attack (MIA)** can determine whether a data sample was used to train\n"
-            "the model, potentially exposing student privacy.\n\n"
+    with gr.Tab("🏠 项目概览"):
+        gr.Markdown(
+            "## 📖 研究背景\n\n"
+            "随着大语言模型在教育领域广泛应用（智能辅导、个性化学习等），"
+            "模型训练不可避免地接触到学生隐私数据（姓名、学号、成绩等）。\n\n"
+            "**成员推理攻击（MIA）** 可以判断某条数据是否用于模型训练，从而推断学生隐私。\n\n"
             "---\n\n"
-            "## 🔬 Research Design\n\n"
-            "| Phase | Content | Details |\n"
-            "|-------|---------|--------|\n"
-            "| 📂 Data | 2000 math tutoring dialogues | Contains names, student IDs, grades |\n"
-            "| 🧠 Training | Qwen2.5-Math + LoRA | Baseline + 2 label smoothing models |\n"
-            "| ⚔️ Attack | Loss-based MIA | Classify members by output loss |\n"
-            "| 🛡️ Train-time Defense | Label Smoothing (e=0.02, 0.2) | Regularization during training |\n"
-            "| 🛡️ Inference-time Defense | Output Perturbation (s=0.01~0.02) | Add noise at inference |\n"
-            "| 📊 Evaluation | Privacy-Utility Trade-off | AUC + Accuracy |\n\n"
+            "## 🔬 研究设计\n\n"
+            "| 阶段 | 内容 | 说明 |\n"
+            "|------|------|------|\n"
+            "| 📂 数据准备 | 2000条小学数学辅导对话 | 含姓名、学号、成绩等隐私 |\n"
+            "| 🧠 模型训练 | Qwen2.5-Math + LoRA | 基线 + 两个标签平滑模型 |\n"
+            "| ⚔️ 攻击测试 | Loss-based MIA | 基于Loss判断成员身份 |\n"
+            "| 🛡️ 训练期防御 | 标签平滑 (e=0.02, 0.2) | 训练时正则化 |\n"
+            "| 🛡️ 推理期防御 | 输出扰动 (s=0.01~0.02) | 推理时加噪声 |\n"
+            "| 📊 综合评估 | 隐私-效用权衡 | AUC + 准确率 |\n\n"
             "---\n\n"
-            "## ⚙️ Experiment Configuration\n\n"
-            "| Item | Value |\n"
-            "|------|-------|\n"
-            f"| **Base Model** | {model_name_str} |\n"
-            "| **Fine-tuning** | LoRA (r=8, alpha=16) |\n"
-            "| **Training Epochs** | 10 |\n"
-            f"| **Dataset Size** | {data_size_str} (1000 member + 1000 non-member) |\n"
-            f"| **GPU** | {gpu_name_str} |\n"
-            f"| **Date** | {setup_date_str} |\n\n"
+            "## ⚙️ 实验配置\n\n"
+            "| 配置项 | 值 |\n"
+            "|--------|-----|\n"
+            "| **基座模型** | " + model_name_str + " |\n"
+            "| **微调方法** | LoRA (r=8, alpha=16) |\n"
+            "| **训练轮数** | 10 epochs |\n"
+            "| **数据总量** | " + str(data_size_str) + " 条（成员1000 + 非成员1000）|\n"
+            "| **GPU** | " + gpu_name_str + " |\n"
+            "| **实验日期** | " + setup_date_str + " |\n\n"
             "---\n\n"
-            "## 📐 Technical Pipeline\n\n"
+            "## 📐 技术路线\n\n"
             "```\n"
-            "+-------------+     +-------------------+     +-----------+     +-------------------+     +------------+\n"
-            "| Data Gen    | --> | Baseline Training | --> | MIA Attack| --> | Defense Deploy    | --> | Evaluation |\n"
-            "| (2000)      |     | (LoRA fine-tune)  |     | (Loss)    |     | (LS + OP)         |     | (AUC+Acc)  |\n"
-            "+-------------+     +--------+----------+     +-----------+     +-------------------+     +------------+\n"
-            "                             |                                          |\n"
-            "                             +-- Label Smoothing Training --------------+\n"
-            "                                 (e=0.02, e=0.2)\n"
+            "+----------+    +-----------+    +----------+    +----------+    +----------+\n"
+            "| 数据生成  |--->| 基线训练   |--->| MIA攻击  |--->| 防御部署  |--->| 综合评估  |\n"
+            "| (2000条)  |    | (LoRA)    |    | (Loss)   |    | (LS+OP)  |    | (AUC+Acc)|\n"
+            "+----------+    +-----+-----+    +----------+    +----------+    +----------+\n"
+            "                      |                                |\n"
+            "                      +--- 标签平滑模型训练 -----------+\n"
+            "                           (e=0.02, e=0.2)\n"
             "```\n"
         )
 
-        gr.Markdown(overview_md)
-        # ============================
-    # Tab 2: Data Explorer
     # ============================
-    with gr.Tab("📊 Data Explorer"):
-        gr.Markdown("""
-## 📂 Dataset Overview
-
-- **Member data (Training set)**: 1000 samples — used to train the model
-- **Non-member data (Test set)**: 1000 samples — NOT used in training
-- Each sample contains **student privacy**: name, student ID, class, score
-        """)
+    # Tab 2: 数据展示
+    # ============================
+    with gr.Tab("📊 数据展示"):
+        gr.Markdown(
+            "## 📂 数据集概况\n\n"
+            "- **成员数据（训练集）**：1000条，用于训练模型\n"
+            "- **非成员数据（测试集）**：1000条，不参与训练\n"
+            "- 每条数据包含**学生隐私信息**（姓名、学号、班级、成绩）\n"
+        )
 
         with gr.Row():
             with gr.Column(scale=1):
-                gr.Markdown("### 📊 Task Distribution")
+                gr.Markdown("### 📊 任务类型分布")
                 gr.Plot(value=make_pie_chart())
-
             with gr.Column(scale=1):
-                gr.Markdown("### 🔍 Random Sample Viewer")
-                data_type_selector = gr.Radio(
-                    choices=[
-                        "Member Data (Training Set / 成员数据)",
-                        "Non-Member Data (Test Set / 非成员数据)"
-                    ],
-                    value="Member Data (Training Set / 成员数据)",
-                    label="Select Data Type"
-                )
-                sample_btn = gr.Button(
-                    "🎲 Random Sample", variant="primary"
+                gr.Markdown("### 🔍 随机查看样本")
+                data_sel = gr.Radio(
+                    choices=["成员数据（训练集）", "非成员数据（测试集）"],
+                    value="成员数据（训练集）",
+                    label="选择数据类型"
                 )
+                sample_btn = gr.Button("🎲 随机抽取样本", variant="primary")
 
         sample_info = gr.Markdown()
         with gr.Row():
-            sample_q = gr.Textbox(
-                label="📝 Student Question", lines=7, interactive=False
-            )
-            sample_a = gr.Textbox(
-                label="💡 Model Answer", lines=7, interactive=False
-            )
+            sample_q = gr.Textbox(label="📝 学生提问", lines=7, interactive=False)
+            sample_a = gr.Textbox(label="💡 模型回答", lines=7, interactive=False)
 
         sample_btn.click(
             fn=show_random_sample,
-            inputs=[data_type_selector],
+            inputs=[data_sel],
             outputs=[sample_info, sample_q, sample_a]
         )
 
     # ============================
-    # Tab 3: MIA Attack Demo
+    # Tab 3: MIA 攻击演示
     # ============================
-    with gr.Tab("⚔️ MIA Attack Demo"):
-        gr.Markdown("""
-## ⚔️ Live Membership Inference Attack
-
-**How it works**: The model produces **lower Loss** on training data (it's more "confident").
-The attacker uses a **threshold** on Loss to predict membership.
-
-### 📌 Steps:
-1️⃣ Select data source (Member / Non-Member)
-2️⃣ Choose a sample index (0-999)
-3️⃣ Click **"Run Attack"** to see the result
-        """)
+    with gr.Tab("⚔️ MIA攻击演示"):
+        gr.Markdown(
+            "## ⚔️ 实时成员推理攻击\n\n"
+            "**攻击原理**：模型对训练过的数据产生更低的Loss（更\"自信\"），"
+            "攻击者利用Loss阈值判断成员身份。\n\n"
+            "### 📌 操作步骤\n"
+            "1️⃣ 选择数据来源（成员/非成员）\n"
+            "2️⃣ 拖动滑块选择样本编号\n"
+            "3️⃣ 点击 **\"执行攻击\"** 查看结果\n"
+        )
 
         with gr.Row():
             with gr.Column(scale=1):
                 atk_data_type = gr.Radio(
-                    choices=[
-                        "Member Data (成员数据)",
-                        "Non-Member Data (非成员数据)"
-                    ],
-                    value="Member Data (成员数据)",
-                    label="📂 Data Source"
+                    choices=["成员数据（训练集）", "非成员数据（测试集）"],
+                    value="成员数据（训练集）",
+                    label="📂 数据来源"
                 )
                 atk_index = gr.Slider(
                     minimum=0, maximum=999, step=1, value=0,
-                    label="📌 Sample Index (0-999)"
-                )
-                atk_btn = gr.Button(
-                    "⚔️ Run MIA Attack",
-                    variant="primary",
-                    size="lg"
+                    label="📌 样本编号 (0-999)"
                 )
-
+                atk_btn = gr.Button("⚔️ 执行MIA攻击", variant="primary", size="lg")
             with gr.Column(scale=1):
-                atk_question = gr.Markdown(label="Sample Content")
+                atk_question = gr.Markdown()
 
         atk_result = gr.Markdown()
 
@@ -719,245 +520,174 @@ The attacker uses a **threshold** on Loss to predict membership.
         )
 
     # ============================
-    # Tab 4: Defense Comparison
+    # Tab 4: 防御对比
     # ============================
-    with gr.Tab("🛡️ Defense Comparison"):
-        gr.Markdown("""
-## 🛡️ Defense Strategy Comparison
-
-| Strategy | Type | Mechanism | Pros | Cons |
-|----------|------|-----------|------|------|
-| **Label Smoothing** | Train-time | Soften labels to prevent overfitting | Reduces memorization | May hurt utility |
-| **Output Perturbation** | Inference-time | Add Gaussian noise to Loss | Zero utility loss | Only masks signal |
-        """)
+    with gr.Tab("🛡️ 防御对比"):
+        gr.Markdown(
+            "## 🛡️ 防御策略效果对比\n\n"
+            "| 策略 | 类型 | 原理 | 优点 | 缺点 |\n"
+            "|------|------|------|------|------|\n"
+            "| **标签平滑** | 训练期 | 软化标签防止过拟合 | 从根源降低记忆 | 可能损失效用 |\n"
+            "| **输出扰动** | 推理期 | Loss加高斯噪声 | 零效用损失 | 只遮蔽统计信号 |\n"
+        )
 
         with gr.Row():
             with gr.Column():
-                gr.Markdown("### 📊 AUC Comparison (All Defenses)")
+                gr.Markdown("### 📊 所有防御策略AUC对比")
                 gr.Plot(value=make_auc_bar())
-
             with gr.Column():
-                gr.Markdown("### 📈 Loss Distribution (Baseline vs LS)")
+                gr.Markdown("### 📈 Loss分布对比")
                 gr.Plot(value=make_loss_distribution())
 
-        # Results table
-        gr.Markdown("### 📋 Detailed Results")
-
-        def risk_badge(auc_val):
-            if auc_val > 0.62:
-                return "🔴 High"
-            elif auc_val > 0.55:
-                return "🟡 Medium"
-            else:
-                return "🟢 Low"
-
-        table = "| Strategy | Type | AUC | Privacy Risk |\n"
-        table += "|----------|------|-----|-------------|\n"
-
-        for k, name, cat in [
-            ('baseline', 'Baseline (No Defense)', '—'),
-            ('smooth_0.02', 'Label Smoothing e=0.02', 'Train-time'),
-            ('smooth_0.2', 'Label Smoothing e=0.2', 'Train-time'),
-        ]:
+        # 结果表格
+        table = (
+            "### 📋 完整实验结果\n\n"
+            "| 策略 | 类型 | AUC | 隐私风险 |\n"
+            "|------|------|-----|----------|\n"
+        )
+        for k, name, cat in [('baseline', '基线（无防御）', '—'),
+                              ('smooth_0.02', '标签平滑 e=0.02', '训练期'),
+                              ('smooth_0.2', '标签平滑 e=0.2', '训练期')]:
             if k in mia_results:
                 a = mia_results[k]['auc']
-                table += f"| {name} | {cat} | **{a:.4f}** | {risk_badge(a)} |\n"
-
-        for k, name in [
-            ('perturbation_0.01', 'Output Perturbation s=0.01'),
-            ('perturbation_0.015', 'Output Perturbation s=0.015'),
-            ('perturbation_0.02', 'Output Perturbation s=0.02'),
-        ]:
+                table += "| " + name + " | " + cat + " | **" + f"{a:.4f}" + "** | " + risk_badge(a) + " |\n"
+        for k, name in [('perturbation_0.01', '输出扰动 s=0.01'),
+                         ('perturbation_0.015', '输出扰动 s=0.015'),
+                         ('perturbation_0.02', '输出扰动 s=0.02')]:
             if k in perturb_results:
                 a = perturb_results[k]['auc']
-                table += f"| {name} | Inference-time | **{a:.4f}** | {risk_badge(a)} |\n"
-
+                table += "| " + name + " | 推理期 | **" + f"{a:.4f}" + "** | " + risk_badge(a) + " |\n"
         gr.Markdown(table)
 
     # ============================
-    # Tab 5: Output Perturbation
+    # Tab 5: 输出扰动
     # ============================
-    with gr.Tab("🔊 Output Perturbation"):
-        gr.Markdown(f"""
-## 🔊 Output Perturbation Defense
-
-### 📌 Core Idea
-
-At **inference time**, add **Gaussian noise** to the model's output Loss:
-
-**Loss_perturbed = Loss_original + N(0, sigma^2)**
-
-### ✅ Key Advantage
-- **No retraining needed** (zero deployment cost)
-- **No utility loss** (accuracy stays exactly the same)
-- Noise level sigma can be tuned dynamically
-
-### 📊 Experiment Results
-
-| sigma | AUC | AUC Reduction | Accuracy | Note |
-|-------|-----|--------------|----------|------|
-| 0 (Baseline) | **{bl_auc:.4f}** | — | {bl_acc:.1f}% | No defense |
-| 0.01 | **{op001_auc:.4f}** | ↓{bl_auc - op001_auc:.4f} | {bl_acc:.1f}% (unchanged) | Mild |
-| 0.015 | **{op0015_auc:.4f}** | ↓{bl_auc - op0015_auc:.4f} | {bl_acc:.1f}% (unchanged) | Moderate |
-| 0.02 | **{op002_auc:.4f}** | ↓{bl_auc - op002_auc:.4f} | {bl_acc:.1f}% (unchanged) | **Recommended** |
-
-### 💡 Key Finding
-
-> Output Perturbation (s=0.02) reduces AUC from {bl_auc:.4f} to **{op002_auc:.4f}**
-> while keeping accuracy at **{bl_acc:.1f}%** — truly a **zero-cost defense**!
-        """)
+    with gr.Tab("🔊 输出扰动"):
+        gr.Markdown(
+            "## 🔊 输出扰动防御详解\n\n"
+            "### 📌 核心思想\n\n"
+            "在**推理阶段**，对模型返回的Loss值添加**高斯噪声**：\n\n"
+            "**Loss_new = Loss_original + N(0, sigma^2)**\n\n"
+            "### ✅ 最大优势\n"
+            "- **不需要重新训练模型**（部署成本为零）\n"
+            "- **不影响模型效用**（准确率完全不变）\n"
+            "- 噪声强度sigma可以动态调节\n\n"
+            "### 📊 实验结果\n\n"
+            "| sigma | AUC | 相比基线降低 | 准确率 | 说明 |\n"
+            "|-------|-----|-------------|--------|------|\n"
+            "| 0（基线）| **" + f"{bl_auc:.4f}" + "** | — | " + f"{bl_acc:.1f}" + "% | 无防御 |\n"
+            "| 0.01 | **" + f"{op001_auc:.4f}" + "** | ↓" + f"{bl_auc - op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "%（不变）| 温和 |\n"
+            "| 0.015 | **" + f"{op0015_auc:.4f}" + "** | ↓" + f"{bl_auc - op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "%（不变）| 适中 |\n"
+            "| 0.02 | **" + f"{op002_auc:.4f}" + "** | ↓" + f"{bl_auc - op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "%（不变）| **推荐** |\n\n"
+            "### 💡 核心发现\n\n"
+            "> 输出扰动 (s=0.02) 将AUC从 " + f"{bl_auc:.4f}" + " 降至 **" + f"{op002_auc:.4f}" + "**，"
+            "准确率 **" + f"{bl_acc:.1f}" + "%** 完全不变 — 真正的**零成本防御**！\n"
+        )
 
     # ============================
-    # Tab 6: Utility Evaluation
+    # Tab 6: 效用评估
     # ============================
-    with gr.Tab("📝 Utility Evaluation"):
-        gr.Markdown("""
-## 📐 Model Utility Evaluation
-
-> Defense must not sacrifice too much utility.
-> Test set: **300 math questions** covering calculation, word problems, and concept Q&A.
-        """)
+    with gr.Tab("📝 效用评估"):
+        gr.Markdown(
+            "## 📐 模型效用评估\n\n"
+            "> 防御不能\"只管隐私不管效果\"。本节评估各模型在 **300道数学题** 上的准确率。\n"
+        )
 
         with gr.Row():
             with gr.Column():
-                gr.Markdown("### 📊 Accuracy Comparison")
+                gr.Markdown("### 📊 准确率对比")
                 gr.Plot(value=make_accuracy_bar())
             with gr.Column():
-                gr.Markdown("### ⚖️ Privacy-Utility Trade-off")
+                gr.Markdown("### ⚖️ 隐私-效用权衡")
                 gr.Plot(value=make_tradeoff())
 
-        # Utility table
-        ut = "| Strategy | Accuracy | AUC | Risk | Utility Impact |\n"
-        ut += "|----------|----------|-----|------|---------------|\n"
-
-        for k, name in [
-            ('baseline', 'Baseline'),
-            ('smooth_0.02', 'LS e=0.02'),
-            ('smooth_0.2', 'LS e=0.2'),
-        ]:
+        ut = (
+            "### 📋 效用评估详情\n\n"
+            "| 策略 | 准确率 | AUC | 风险 | 效用影响 |\n"
+            "|------|--------|-----|------|----------|\n"
+        )
+        for k, name in [('baseline', '基线'), ('smooth_0.02', '标签平滑 e=0.02'),
+                         ('smooth_0.2', '标签平滑 e=0.2')]:
             if k in utility_results and k in mia_results:
                 acc = utility_results[k]['accuracy'] * 100
                 auc = mia_results[k]['auc']
-                impact = "—" if k == 'baseline' else (
-                    "✅ Improved" if acc > bl_acc else "⚠️ Decreased"
-                )
-                ut += f"| {name} | **{acc:.1f}%** | {auc:.4f} | {risk_badge(auc)} | {impact} |\n"
-
-        for k, name in [
-            ('perturbation_0.01', 'OP s=0.01'),
-            ('perturbation_0.02', 'OP s=0.02'),
-        ]:
+                impact = "—" if k == 'baseline' else ("✅ 提升" if acc > bl_acc else "⚠️ 下降")
+                ut += "| " + name + " | **" + f"{acc:.1f}" + "%** | " + f"{auc:.4f}" + " | " + risk_badge(auc) + " | " + impact + " |\n"
+        for k, name in [('perturbation_0.01', '输出扰动 s=0.01'), ('perturbation_0.02', '输出扰动 s=0.02')]:
             if k in perturb_results:
-                ut += (f"| {name} | **{bl_acc:.1f}%** | "
-                       f"{perturb_results[k]['auc']:.4f} | "
-                       f"{risk_badge(perturb_results[k]['auc'])} | ✅ No change |\n")
-
+                ut += "| " + name + " | **" + f"{bl_acc:.1f}" + "%** | " + f"{perturb_results[k]['auc']:.4f}" + " | " + risk_badge(perturb_results[k]['auc']) + " | ✅ 无影响 |\n"
         gr.Markdown(ut)
 
     # ============================
-    # Tab 7: Paper Figures
+    # Tab 7: 论文图表
     # ============================
-    with gr.Tab("📄 Paper Figures"):
-        gr.Markdown("## 📄 Publication-Quality Figures (300 DPI)")
-
-        figure_items = [
-            ("fig1_loss_distribution_comparison.png",
-             "Figure 1: Loss Distribution — Baseline vs Label Smoothing"),
-            ("fig2_privacy_utility_tradeoff_fixed.png",
-             "Figure 2: Privacy-Utility Trade-off Analysis"),
-            ("fig3_defense_comparison_bar.png",
-             "Figure 3: Defense Mechanism AUC Comparison"),
-        ]
-
-        for filename, caption in figure_items:
-            path = os.path.join(BASE_DIR, "figures", filename)
+    with gr.Tab("📄 论文图表"):
+        gr.Markdown("## 📄 学术级论文图表（300 DPI）")
+
+        for fn, cap in [("fig1_loss_distribution_comparison.png", "图1：Loss分布对比"),
+                         ("fig2_privacy_utility_tradeoff_fixed.png", "图2：隐私-效用权衡"),
+                         ("fig3_defense_comparison_bar.png", "图3：防御效果柱状图")]:
+            path = os.path.join(BASE_DIR, "figures", fn)
             if os.path.exists(path):
-                gr.Markdown(f"### {caption}")
+                gr.Markdown("### " + cap)
                 gr.Image(value=path, show_label=False, height=420)
                 gr.Markdown("---")
             else:
-                gr.Markdown(
-                    f"### {caption}\n\n"
-                    f"> ⚠️ File not found: `figures/{filename}` — "
-                    f"this figure is optional."
-                )
+                gr.Markdown("### " + cap + "\n\n> ⚠️ 文件未找到：" + fn + "（不影响核心功能）")
 
     # ============================
-    # Tab 8: Conclusions
+    # Tab 8: 研究结论
     # ============================
-    with gr.Tab("🎓 Conclusions"):
-        gr.Markdown(f"""
-## 📝 Research Conclusions
-
----
-
-### 🔬 Core Findings
-
-#### Finding 1: MIA poses a real threat to educational LLMs
-Baseline AUC = **{bl_auc:.4f}** (significantly above random guess of 0.5).
-Attackers can infer student data membership with high probability.
-
-#### Finding 2: Label Smoothing effectively reduces risk
-
-| Strategy | AUC | Accuracy | Verdict |
-|----------|-----|----------|---------|
-| Baseline | {bl_auc:.4f} | {bl_acc:.1f}% | High privacy risk |
-| LS e=0.02 | {s002_auc:.4f} | {s002_acc:.1f}% | ✅ **Recommended** |
-| LS e=0.2 | {s02_auc:.4f} | {s02_acc:.1f}% | ⚠️ Strong defense, possible utility impact |
-
-#### Finding 3: Output Perturbation is a zero-cost defense
-sigma=0.02 reduces AUC from {bl_auc:.4f} to **{op002_auc:.4f}** with **zero accuracy loss**.
-
-#### Finding 4: Best practice — combine both defenses
-> **Recommended**: LS e=0.02 (training) + OP s=0.02 (inference) = **Dual Protection**
-
----
-
-### 🎤 Defense Presentation Script
-
-> "This study uses a math tutoring scenario with Qwen2.5-Math-1.5B + LoRA fine-tuning.
-> The baseline model shows AUC={bl_auc:.4f}, indicating significant privacy leakage risk.
-> We evaluate two complementary defenses: **Label Smoothing** (train-time, e=0.02)
-> and **Output Perturbation** (inference-time, s=0.02).
-> Output perturbation achieves **zero utility loss**, making it ideal for practical deployment.
-> The study reveals the fundamental privacy-utility trade-off in educational AI."
-
----
-
-### 📚 Innovation Points
-
-1. **Novel scenario** — Focus on educational LLM privacy (not general NLP)
-2. **Dual defense** — Both train-time and inference-time strategies
-3. **Practical** — Label smoothing = 1 line of code; Output perturbation = 1 line of code
-4. **Comprehensive** — Attack + Defense + Utility + Trade-off analysis
-
----
-
-### 🔮 Future Work
-
-- Explore **Differential Privacy (DP-SGD)** for stronger guarantees
-- Test **Shadow Model Attack** and other advanced MIA variants
-- Validate on real educational datasets
-- Investigate **Federated Learning** for educational model privacy
-        """)
+    with gr.Tab("🎓 研究结论"):
+        gr.Markdown(
+            "## 📝 核心结论\n\n"
+            "---\n\n"
+            "### 发现一：MIA对教育大模型构成现实威胁\n\n"
+            "基线模型AUC = **" + f"{bl_auc:.4f}" + "**，远高于随机猜测（0.5），"
+            "攻击者可以较高概率推断学生隐私。\n\n"
+            "### 发现二：标签平滑是有效的训练期防御\n\n"
+            "| 策略 | AUC | 准确率 | 评价 |\n"
+            "|------|-----|--------|------|\n"
+            "| 基线（无防御）| " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 隐私风险高 |\n"
+            "| 标签平滑 e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | ✅ **推荐** |\n"
+            "| 标签平滑 e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | ⚠️ 防御强但效用受影响 |\n\n"
+            "### 发现三：输出扰动是零成本的推理期防御\n\n"
+            "s=0.02 将AUC从 " + f"{bl_auc:.4f}" + " 降至 **" + f"{op002_auc:.4f}" + "**，准确率**不变**。\n\n"
+            "### 发现四：双重防御可叠加使用\n\n"
+            "> **推荐方案**：标签平滑 e=0.02（训练期）+ 输出扰动 s=0.02（推理期）= **双重防护**\n\n"
+            "---\n\n"
+            "### 🎤 答辩话术\n\n"
+            "> \"本研究以小学数学智能辅导系统为场景，使用Qwen2.5-Math-1.5B + LoRA微调。\n"
+            "> 基线模型AUC=" + f"{bl_auc:.4f}" + "，存在显著隐私泄露风险。\n"
+            "> 通过**训练期标签平滑**(e=0.02)和**推理期输出扰动**(s=0.02)两种防御，\n"
+            "> 有效降低了攻击成功率，其中输出扰动实现了**零效用损失**。\n"
+            "> 研究揭示了教育AI领域隐私保护与模型效用之间的权衡关系。\"\n\n"
+            "---\n\n"
+            "### 📚 创新点\n\n"
+            "1. **场景新颖** — 聚焦教育领域LLM隐私（而非通用NLP）\n"
+            "2. **双重防御** — 同时研究训练期 + 推理期防御策略\n"
+            "3. **工程可行** — 标签平滑一行代码，输出扰动一行代码\n"
+            "4. **实验完整** — 攻击 + 防御 + 效用评估 + 权衡分析\n\n"
+            "---\n\n"
+            "### 🔮 未来工作\n\n"
+            "- ��索**差分隐私 (DP-SGD)** 等更强防御\n"
+            "- 测试 **Shadow Model Attack** 等更强攻击\n"
+            "- 在真实教育数据集上验证\n"
+            "- 研究**联邦学习**框架下的教育模型隐私\n"
+        )
 
     # ============================
-    # Footer
+    # 底部
     # ============================
-    gr.Markdown("""
----
-<center>
-
-🎓 **Membership Inference Attack & Defense in Educational LLMs**
-
-`Qwen2.5-Math-1.5B` · `LoRA` · `MIA` · `Label Smoothing` · `Output Perturbation` · `Gradio`
-
-</center>
-    """)
-
+    gr.Markdown(
+        "---\n"
+        "<center>\n\n"
+        "🎓 **教育大模型中的成员推理攻击及其防御思路研究**\n\n"
+        "`Qwen2.5-Math-1.5B` · `LoRA` · `MIA` · `标签平滑` · `输出扰动` · `Gradio`\n\n"
+        "</center>\n"
+    )
 
 # ========================================
-# 5. Launch
+# 5. 启动
 # ========================================
-demo.launch()
-
+demo.launch()