Update app.py

app.py

@@ -5,12 +5,8 @@ import numpy as np
 import matplotlib
 matplotlib.use('Agg')
 import matplotlib.pyplot as plt
-from matplotlib.patches import FancyBboxPatch
 import gradio as gr
 
-# ========================================
-# 1. Load Data
-# ========================================
 BASE_DIR = os.path.dirname(os.path.abspath(__file__))
 
 
@@ -39,7 +35,6 @@ config = load_json("config.json")
 plt.rcParams['font.sans-serif'] = ['DejaVu Sans']
 plt.rcParams['axes.unicode_minus'] = False
 
-# Pre-fetch values
 bl_auc = mia_results.get('baseline', {}).get('auc', 0)
 s002_auc = mia_results.get('smooth_0.02', {}).get('auc', 0)
 s02_auc = mia_results.get('smooth_0.2', {}).get('auc', 0)
@@ -53,12 +48,29 @@ bl_m_mean = mia_results.get('baseline', {}).get('member_loss_mean', 0.19)
 bl_nm_mean = mia_results.get('baseline', {}).get('non_member_loss_mean', 0.23)
 bl_m_std = mia_results.get('baseline', {}).get('member_loss_std', 0.03)
 bl_nm_std = mia_results.get('baseline', {}).get('non_member_loss_std', 0.03)
+
+s002_m_mean = mia_results.get('smooth_0.02', {}).get('member_loss_mean', 0.20)
+s002_nm_mean = mia_results.get('smooth_0.02', {}).get('non_member_loss_mean', 0.22)
+s002_m_std = mia_results.get('smooth_0.02', {}).get('member_loss_std', 0.03)
+s002_nm_std = mia_results.get('smooth_0.02', {}).get('non_member_loss_std', 0.03)
+
+s02_m_mean = mia_results.get('smooth_0.2', {}).get('member_loss_mean', 0.21)
+s02_nm_mean = mia_results.get('smooth_0.2', {}).get('non_member_loss_mean', 0.22)
+s02_m_std = mia_results.get('smooth_0.2', {}).get('member_loss_std', 0.03)
+s02_nm_std = mia_results.get('smooth_0.2', {}).get('non_member_loss_std', 0.03)
+
 model_name_str = config.get('model_name', 'Qwen/Qwen2.5-Math-1.5B-Instruct')
 data_size_str = str(config.get('data_size', 2000))
 
+MODEL_PARAMS = {
+    "baseline": {"m_mean": bl_m_mean, "nm_mean": bl_nm_mean, "m_std": bl_m_std, "nm_std": bl_nm_std, "key": "baseline", "label": "Baseline"},
+    "smooth_0.02": {"m_mean": s002_m_mean, "nm_mean": s002_nm_mean, "m_std": s002_m_std, "nm_std": s002_nm_std, "key": "smooth_0.02", "label": "LS(e=0.02)"},
+    "smooth_0.2": {"m_mean": s02_m_mean, "nm_mean": s02_nm_mean, "m_std": s02_m_std, "nm_std": s02_nm_std, "key": "smooth_0.2", "label": "LS(e=0.2)"},
+}
+
 
 # ========================================
-# 2. Chart Functions
+# Charts
 # ========================================
 
 def make_pie_chart():
@@ -66,75 +78,76 @@ def make_pie_chart():
     for item in member_data + non_member_data:
         t = item.get('task_type', 'unknown')
         tc[t] = tc.get(t, 0) + 1
-    nm = {'calculation': 'Calculation', 'word_problem': 'Word Problem',
-          'concept': 'Concept Q&A', 'error_correction': 'Error Correction'}
+    nm = {'calculation': 'Calculation\n(Ji Chu Ji Suan)', 'word_problem': 'Word Problem\n(Ying Yong Ti)',
+          'concept': 'Concept Q&A\n(Gai Nian Wen Da)', 'error_correction': 'Error Correction\n(Cuo Ti Ding Zheng)'}
     labels = [nm.get(k, k) for k in tc]
     sizes = list(tc.values())
     colors = ['#5B8FF9', '#5AD8A6', '#F6BD16', '#E86452']
-    fig, ax = plt.subplots(figsize=(6, 5))
+    fig, ax = plt.subplots(figsize=(6.5, 5.5))
     wedges, texts, autotexts = ax.pie(
         sizes, labels=labels, autopct='%1.1f%%', colors=colors[:len(labels)],
-        startangle=90, textprops={'fontsize': 10},
+        startangle=90, textprops={'fontsize': 9},
         wedgeprops={'edgecolor': 'white', 'linewidth': 2})
     for t in autotexts:
         t.set_fontsize(10)
         t.set_fontweight('bold')
-    ax.set_title('Task Type Distribution', fontsize=13, fontweight='bold', pad=10)
     plt.tight_layout()
     return fig
 
 
 def make_loss_distribution():
     items = []
-    for k, t in [('baseline', 'Baseline'), ('smooth_0.02', 'LS (e=0.02)'), ('smooth_0.2', 'LS (e=0.2)')]:
+    for k, t in [('baseline', 'Baseline'), ('smooth_0.02', 'LS(e=0.02)'), ('smooth_0.2', 'LS(e=0.2)')]:
         if k in full_results:
             auc = mia_results.get(k, {}).get('auc', 0)
-            items.append((k, t + " | AUC=" + f"{auc:.4f}"))
+            items.append((k, t + "\nAUC=" + f"{auc:.4f}"))
     n = len(items)
     if n == 0:
         fig, ax = plt.subplots()
         ax.text(0.5, 0.5, 'No data', ha='center')
         return fig
-    fig, axes = plt.subplots(1, n, figsize=(5 * n, 4))
+    fig, axes = plt.subplots(1, n, figsize=(4.8 * n, 4.2))
     if n == 1:
         axes = [axes]
     for ax, (k, title) in zip(axes, items):
         m = full_results[k]['member_losses']
-        nm = full_results[k]['non_member_losses']
-        bins = np.linspace(min(min(m), min(nm)), max(max(m), max(nm)), 35)
-        ax.hist(m, bins=bins, alpha=0.6, color='#5B8FF9', label='Member', density=True)
-        ax.hist(nm, bins=bins, alpha=0.6, color='#E86452', label='Non-Member', density=True)
-        ax.set_title(title, fontsize=11, fontweight='bold')
-        ax.set_xlabel('Loss', fontsize=9)
-        ax.set_ylabel('Density', fontsize=9)
-        ax.legend(fontsize=8)
+        nm_l = full_results[k]['non_member_losses']
+        lo = min(min(m), min(nm_l))
+        hi = max(max(m), max(nm_l))
+        bins = np.linspace(lo, hi, 30)
+        ax.hist(m, bins=bins, alpha=0.55, color='#5B8FF9', label='Member', density=True)
+        ax.hist(nm_l, bins=bins, alpha=0.55, color='#E86452', label='Non-Member', density=True)
+        ax.set_title(title, fontsize=10, fontweight='bold')
+        ax.set_xlabel('Loss', fontsize=8)
+        ax.set_ylabel('Density', fontsize=8)
+        ax.legend(fontsize=7, loc='upper right')
+        ax.tick_params(labelsize=7)
         ax.grid(True, linestyle='--', alpha=0.3)
         ax.spines['top'].set_visible(False)
         ax.spines['right'].set_visible(False)
-    plt.tight_layout()
+    plt.tight_layout(pad=1.5)
     return fig
 
 
 def make_auc_bar():
     methods, aucs, colors = [], [], []
-    for k, name, c in [('baseline', 'Baseline', '#8C8C8C'), ('smooth_0.02', 'LS (e=0.02)', '#5B8FF9'),
-                        ('smooth_0.2', 'LS (e=0.2)', '#3D76DD')]:
+    for k, name, c in [('baseline', 'Baseline', '#8C8C8C'), ('smooth_0.02', 'LS(e=0.02)', '#5B8FF9'),
+                        ('smooth_0.2', 'LS(e=0.2)', '#3D76DD')]:
         if k in mia_results:
             methods.append(name); aucs.append(mia_results[k]['auc']); colors.append(c)
-    for k, name, c in [('perturbation_0.01', 'OP (s=0.01)', '#5AD8A6'),
-                        ('perturbation_0.015', 'OP (s=0.015)', '#2EAD78'),
-                        ('perturbation_0.02', 'OP (s=0.02)', '#1A7F5A')]:
+    for k, name, c in [('perturbation_0.01', 'OP(s=0.01)', '#5AD8A6'),
+                        ('perturbation_0.015', 'OP(s=0.015)', '#2EAD78'),
+                        ('perturbation_0.02', 'OP(s=0.02)', '#1A7F5A')]:
         if k in perturb_results:
             methods.append(name); aucs.append(perturb_results[k]['auc']); colors.append(c)
     fig, ax = plt.subplots(figsize=(9, 5))
     bars = ax.bar(methods, aucs, color=colors, width=0.5, edgecolor='white', linewidth=1.5)
     for bar, a in zip(bars, aucs):
-        ax.text(bar.get_x() + bar.get_width()/2, bar.get_height() + 0.003,
-                f'{a:.4f}', ha='center', va='bottom', fontsize=10, fontweight='bold')
+        ax.text(bar.get_x() + bar.get_width()/2, bar.get_height() + 0.002,
+                f'{a:.4f}', ha='center', va='bottom', fontsize=9, fontweight='bold')
     ax.axhline(y=0.5, color='#E86452', linestyle='--', linewidth=1.5, alpha=0.6, label='Random Guess (0.5)')
     ax.set_ylabel('MIA AUC', fontsize=11)
-    ax.set_title('Defense Mechanisms - AUC', fontsize=13, fontweight='bold')
-    ax.set_ylim(0.48, max(aucs) + 0.04 if aucs else 0.7)
+    ax.set_ylim(0.48, max(aucs) + 0.035 if aucs else 0.7)
     ax.legend(fontsize=9)
     ax.grid(axis='y', linestyle='--', alpha=0.3)
     ax.spines['top'].set_visible(False)
@@ -147,15 +160,16 @@ def make_auc_bar():
 def make_tradeoff():
     fig, ax = plt.subplots(figsize=(8, 6))
     pts = []
-    for k, name, mk, c, sz in [('baseline', 'Baseline', 'o', '#8C8C8C', 180),
-                                 ('smooth_0.02', 'LS (e=0.02)', 's', '#5B8FF9', 160),
-                                 ('smooth_0.2', 'LS (e=0.2)', 's', '#3D76DD', 160)]:
+    for k, name, mk, c, sz in [('baseline', 'Baseline', 'o', '#8C8C8C', 200),
+                                 ('smooth_0.02', 'LS(e=0.02)', 's', '#5B8FF9', 180),
+                                 ('smooth_0.2', 'LS(e=0.2)', 's', '#3D76DD', 180)]:
         if k in mia_results and k in utility_results:
             pts.append({'n': name, 'a': mia_results[k]['auc'], 'c': utility_results[k]['accuracy'],
                         'm': mk, 'co': c, 's': sz})
     ba = utility_results.get('baseline', {}).get('accuracy', 0.633)
-    for k, name, mk, c, sz in [('perturbation_0.01', 'OP (s=0.01)', '^', '#5AD8A6', 170),
-                                 ('perturbation_0.02', 'OP (s=0.02)', '^', '#1A7F5A', 170)]:
+    for k, name, mk, c, sz in [('perturbation_0.01', 'OP(s=0.01)', '^', '#5AD8A6', 190),
+                                 ('perturbation_0.015', 'OP(s=0.015)', 'D', '#2EAD78', 150),
+                                 ('perturbation_0.02', 'OP(s=0.02)', '^', '#1A7F5A', 190)]:
         if k in perturb_results:
             pts.append({'n': name, 'a': perturb_results[k]['auc'], 'c': ba, 'm': mk, 'co': c, 's': sz})
     for p in pts:
@@ -163,13 +177,13 @@ def make_tradeoff():
                    s=p['s'], edgecolors='white', linewidth=2, zorder=5)
     ax.axhline(y=0.5, color='#BFBFBF', linestyle='--', alpha=0.8, label='Random Guess')
     ax.set_xlabel('Accuracy', fontsize=11, fontweight='bold')
-    ax.set_ylabel('MIA AUC', fontsize=11, fontweight='bold')
+    ax.set_ylabel('MIA AUC (Privacy Risk)', fontsize=11, fontweight='bold')
     ax.set_title('Privacy-Utility Trade-off', fontsize=13, fontweight='bold')
     aa = [p['c'] for p in pts]; ab = [p['a'] for p in pts]
     if aa and ab:
         ax.set_xlim(min(aa)-0.03, max(aa)+0.05)
         ax.set_ylim(min(min(ab), 0.5)-0.02, max(ab)+0.025)
-    ax.legend(loc='upper right', fontsize=9, fancybox=True)
+    ax.legend(loc='upper right', fontsize=8, fancybox=True)
     ax.grid(True, alpha=0.2)
     ax.spines['top'].set_visible(False)
     ax.spines['right'].set_visible(False)
@@ -179,22 +193,22 @@ def make_tradeoff():
 
 def make_accuracy_bar():
     names, accs, colors = [], [], []
-    for k, name, c in [('baseline', 'Baseline', '#8C8C8C'), ('smooth_0.02', 'LS (e=0.02)', '#5B8FF9'),
-                        ('smooth_0.2', 'LS (e=0.2)', '#3D76DD')]:
+    for k, name, c in [('baseline', 'Baseline', '#8C8C8C'), ('smooth_0.02', 'LS(e=0.02)', '#5B8FF9'),
+                        ('smooth_0.2', 'LS(e=0.2)', '#3D76DD')]:
         if k in utility_results:
             names.append(name); accs.append(utility_results[k]['accuracy']*100); colors.append(c)
     bp = utility_results.get('baseline', {}).get('accuracy', 0)*100
-    for k, name, c in [('perturbation_0.01', 'OP (s=0.01)', '#5AD8A6'),
-                        ('perturbation_0.02', 'OP (s=0.02)', '#1A7F5A')]:
+    for k, name, c in [('perturbation_0.01', 'OP(s=0.01)', '#5AD8A6'),
+                        ('perturbation_0.015', 'OP(s=0.015)', '#2EAD78'),
+                        ('perturbation_0.02', 'OP(s=0.02)', '#1A7F5A')]:
         if k in perturb_results:
             names.append(name); accs.append(bp); colors.append(c)
     fig, ax = plt.subplots(figsize=(9, 5))
     bars = ax.bar(names, accs, color=colors, width=0.5, edgecolor='white', linewidth=1.5)
     for bar, acc in zip(bars, accs):
-        ax.text(bar.get_x()+bar.get_width()/2, bar.get_height()+0.6,
-                f'{acc:.1f}%', ha='center', va='bottom', fontsize=10, fontweight='bold')
+        ax.text(bar.get_x()+bar.get_width()/2, bar.get_height()+0.5,
+                f'{acc:.1f}%', ha='center', va='bottom', fontsize=9, fontweight='bold')
     ax.set_ylabel('Accuracy (%)', fontsize=11)
-    ax.set_title('Model Utility (300 Math Questions)', fontsize=13, fontweight='bold')
     ax.set_ylim(0, 100)
     ax.grid(axis='y', alpha=0.3)
     ax.spines['top'].set_visible(False)
@@ -204,24 +218,21 @@ def make_accuracy_bar():
     return fig
 
 
-def make_loss_gauge(loss_val, m_mean, nm_mean, threshold):
+def make_loss_gauge(loss_val, m_mean, nm_mean, threshold, m_std, nm_std):
     fig, ax = plt.subplots(figsize=(8, 2.8))
-    x_min = min(m_mean - 3*bl_m_std, loss_val - 0.01)
-    x_max = max(nm_mean + 3*bl_nm_std, loss_val + 0.01)
-
+    x_min = min(m_mean - 3*m_std, loss_val - 0.01)
+    x_max = max(nm_mean + 3*nm_std, loss_val + 0.01)
     ax.axvspan(x_min, threshold, alpha=0.12, color='#5B8FF9')
     ax.axvspan(threshold, x_max, alpha=0.12, color='#E86452')
     ax.axvline(x=threshold, color='#434343', linewidth=2, linestyle='-', zorder=3)
     ax.text(threshold, 1.12, 'Threshold', ha='center', va='bottom', fontsize=9,
             fontweight='bold', color='#434343', transform=ax.get_xaxis_transform())
-
     ax.axvline(x=m_mean, color='#5B8FF9', linewidth=1.2, linestyle='--', alpha=0.6)
-    ax.text(m_mean, -0.28, f'Member Mean\n({m_mean:.4f})', ha='center', va='top',
+    ax.text(m_mean, -0.28, f'Member\n({m_mean:.4f})', ha='center', va='top',
             fontsize=7.5, color='#5B8FF9', transform=ax.get_xaxis_transform())
     ax.axvline(x=nm_mean, color='#E86452', linewidth=1.2, linestyle='--', alpha=0.6)
-    ax.text(nm_mean, -0.28, f'Non-Member Mean\n({nm_mean:.4f})', ha='center', va='top',
+    ax.text(nm_mean, -0.28, f'Non-Member\n({nm_mean:.4f})', ha='center', va='top',
             fontsize=7.5, color='#E86452', transform=ax.get_xaxis_transform())
-
     in_member = loss_val < threshold
     mc = '#5B8FF9' if in_member else '#E86452'
     ax.plot(loss_val, 0.5, marker='v', markersize=16, color=mc, zorder=5,
@@ -229,26 +240,23 @@ def make_loss_gauge(loss_val, m_mean, nm_mean, threshold):
     ax.text(loss_val, 0.78, f'Loss={loss_val:.4f}', ha='center', va='bottom', fontsize=10,
             fontweight='bold', color=mc, transform=ax.get_xaxis_transform(),
             bbox=dict(boxstyle='round,pad=0.3', facecolor='white', edgecolor=mc, alpha=0.95))
-
     mc_x = (x_min + threshold) / 2
     nmc_x = (threshold + x_max) / 2
     ax.text(mc_x, 0.5, 'Member Zone', ha='center', va='center', fontsize=10,
             color='#5B8FF9', fontweight='bold', alpha=0.5, transform=ax.get_xaxis_transform())
     ax.text(nmc_x, 0.5, 'Non-Member Zone', ha='center', va='center', fontsize=10,
             color='#E86452', fontweight='bold', alpha=0.5, transform=ax.get_xaxis_transform())
-
     ax.set_xlim(x_min, x_max)
     ax.set_yticks([])
-    ax.spines['top'].set_visible(False)
-    ax.spines['right'].set_visible(False)
-    ax.spines['left'].set_visible(False)
+    for sp in ['top', 'right', 'left']:
+        ax.spines[sp].set_visible(False)
     ax.set_xlabel('Loss Value', fontsize=9)
     plt.tight_layout()
     return fig
 
 
 # ========================================
-# 3. Callbacks
+# Callbacks
 # ========================================
 
 def show_random_sample(data_type):
@@ -257,52 +265,54 @@ def show_random_sample(data_type):
     meta = sample['metadata']
     task_map = {'calculation': '基础计算', 'word_problem': '应用题',
                 'concept': '概念问答', 'error_correction': '���题订正'}
-
     info_md = (
         "**截获的隐私元数据**\n\n"
         "- **姓名**: " + clean_text(str(meta.get('name', ''))) + "\n"
         "- **学号**: " + clean_text(str(meta.get('student_id', ''))) + "\n"
         "- **班级**: " + clean_text(str(meta.get('class', ''))) + "\n"
         "- **成绩**: " + clean_text(str(meta.get('score', ''))) + " 分\n"
-        "- **类型**: " + task_map.get(sample.get('task_type', ''), sample.get('task_type', '')) + "\n"
-    )
+        "- **类型**: " + task_map.get(sample.get('task_type', ''), '') + "\n")
     return info_md, clean_text(sample.get('question', '')), clean_text(sample.get('answer', ''))
 
 
-def run_mia_demo(sample_index, data_type):
+MODEL_CHOICE_MAP = {
+    "基线模型 (Baseline)": "baseline",
+    "标签平滑模型 (e=0.02)": "smooth_0.02",
+    "标签平滑模型 (e=0.2)": "smooth_0.2",
+}
+
+
+def run_mia_demo(sample_index, data_type, model_choice):
     is_member = (data_type == "成员数据（训练集）")
     data = member_data if is_member else non_member_data
     idx = min(int(sample_index), len(data) - 1)
     sample = data[idx]
 
-    bl = full_results.get('baseline', {})
-    if is_member and idx < len(bl.get('member_losses', [])):
-        loss = bl['member_losses'][idx]
-    elif not is_member and idx < len(bl.get('non_member_losses', [])):
-        loss = bl['non_member_losses'][idx]
+    model_key = MODEL_CHOICE_MAP.get(model_choice, "baseline")
+    params = MODEL_PARAMS.get(model_key, MODEL_PARAMS["baseline"])
+
+    fr = full_results.get(model_key, full_results.get('baseline', {}))
+    if is_member and idx < len(fr.get('member_losses', [])):
+        loss = fr['member_losses'][idx]
+    elif not is_member and idx < len(fr.get('non_member_losses', [])):
+        loss = fr['non_member_losses'][idx]
     else:
-        loss = float(np.random.normal(bl_m_mean if is_member else bl_nm_mean, 0.02))
+        loss = float(np.random.normal(params['m_mean'] if is_member else params['nm_mean'], 0.02))
 
-    threshold = (bl_m_mean + bl_nm_mean) / 2.0
+    m_mean = params['m_mean']
+    nm_mean = params['nm_mean']
+    m_std = params['m_std']
+    nm_std = params['nm_std']
+    threshold = (m_mean + nm_mean) / 2.0
     pred_member = (loss < threshold)
     attack_correct = (pred_member == is_member)
 
-    gauge_fig = make_loss_gauge(loss, bl_m_mean, bl_nm_mean, threshold)
-
-    # Build result card
-    if pred_member:
-        pred_label = "训练成员"
-        pred_color = "🔴"
-    else:
-        pred_label = "非训练成员"
-        pred_color = "🟢"
+    gauge_fig = make_loss_gauge(loss, m_mean, nm_mean, threshold, m_std, nm_std)
 
-    if is_member:
-        actual_label = "训练成员"
-        actual_color = "🔴"
-    else:
-        actual_label = "非训练成员"
-        actual_color = "🟢"
+    pred_label = "训练成员" if pred_member else "非训练成员"
+    pred_color = "🔴" if pred_member else "🟢"
+    actual_label = "训练成员" if is_member else "非训练成员"
+    actual_color = "🔴" if is_member else "🟢"
 
     if attack_correct and pred_member and is_member:
         verdict = "⚠️ **攻击成功: 发生了隐私泄露**"
@@ -314,155 +324,53 @@ def run_mia_demo(sample_index, data_type):
         verdict = "❌ **攻击失误**"
         verdict_detail = "攻击者的判定与真实身份不符。"
 
+    model_auc = mia_results.get(model_key, {}).get('auc', 0)
     result_md = (
-        verdict + "\n\n"
-        + verdict_detail + "\n\n"
+        verdict + "\n\n" + verdict_detail + "\n\n"
+        "**当前攻击模型**: " + params['label'] + " (AUC=" + f"{model_auc:.4f}" + ")\n\n"
         "| | 攻击者计算得出 | 系统真实身份 |\n"
         "|---|---|---|\n"
         "| 判定 | " + pred_color + " " + pred_label + " | " + actual_color + " " + actual_label + " |\n"
-        "| Loss | " + f"{loss:.4f}" + " | Threshold: " + f"{threshold:.4f}" + " |\n"
-    )
+        "| Loss | " + f"{loss:.4f}" + " | Threshold: " + f"{threshold:.4f}" + " |\n")
 
     q_text = "**样本追踪号 [" + str(idx) + "] :**\n\n" + clean_text(sample.get('question', ''))[:500]
     return q_text, gauge_fig, result_md
 
 
 # ========================================
-# 4. Build Interface (CSS 精装修版)
+# Interface
 # ========================================
 
 CSS = """
-/* 全局背景与字体 */
 body { background-color: #f0f4f8 !important; }
 .gradio-container {
-    max-width: 1200px !important;
-    margin: auto !important;
+    max-width: 1200px !important; margin: auto !important;
     font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, "PingFang SC", "Microsoft YaHei", sans-serif !important;
 }
-
-/* Tab 导航高级感 */
-.tab-nav {
-    border-bottom: 2px solid #e1e8f0 !important;
-    background-color: transparent !important;
-    margin-bottom: 20px !important;
-}
+.tab-nav { border-bottom: 2px solid #e1e8f0 !important; margin-bottom: 20px !important; }
 .tab-nav button {
-    font-size: 15px !important;
-    padding: 14px 24px !important;
-    font-weight: 500 !important;
-    color: #64748b !important;
-    border-radius: 8px 8px 0 0 !important;
-    transition: all 0.3s ease !important;
-    background: transparent !important;
-    border: none !important;
-}
-.tab-nav button:hover {
-    color: #3b82f6 !important;
-    background: rgba(59, 130, 246, 0.05) !important;
+    font-size: 15px !important; padding: 14px 24px !important; font-weight: 500 !important;
+    color: #64748b !important; border-radius: 8px 8px 0 0 !important;
+    transition: all 0.3s ease !important; background: transparent !important; border: none !important;
 }
-.tab-nav button.selected {
-    font-weight: 700 !important;
-    color: #2563eb !important;
-    border-bottom: 3px solid #2563eb !important;
-}
-
-/* 内容区域卡片化布局 */
+.tab-nav button:hover { color: #3b82f6 !important; background: rgba(59,130,246,0.05) !important; }
+.tab-nav button.selected { font-weight: 700 !important; color: #2563eb !important; border-bottom: 3px solid #2563eb !important; }
 .tabitem {
-    background: #ffffff !important;
-    border-radius: 12px !important;
-    box-shadow: 0 4px 20px rgba(0, 0, 0, 0.04) !important;
-    padding: 30px !important;
-    border: 1px solid #e2e8f0 !important;
-}
-
-/* 标题排版优化 */
-.prose h1 {
-    font-size: 2.2rem !important;
-    color: #0f172a !important;
-    letter-spacing: -0.02em !important;
-    font-weight: 800 !important;
-    text-align: center !important;
-    margin-bottom: 0.5em !important;
-}
-.prose h2 {
-    font-size: 1.4rem !important;
-    color: #1e293b !important;
-    margin-top: 1.5em !important;
-    padding-bottom: 0.4em !important;
-    border-bottom: 2px solid #f1f5f9 !important;
-    font-weight: 700 !important;
-}
-.prose h3 {
-    font-size: 1.15rem !important;
-    color: #334155 !important;
-    font-weight: 600 !important;
-    margin-top: 1.2em !important;
-}
-
-/* 🚀 表格终极美化 (带圆角、阴影和斑马纹) */
-.prose table {
-    width: 100% !important;
-    border-collapse: separate !important;
-    border-spacing: 0 !important;
-    margin: 1.5em 0 !important;
-    border-radius: 10px !important;
-    overflow: hidden !important;
-    box-shadow: 0 0 0 1px #e2e8f0, 0 4px 6px -1px rgba(0, 0, 0, 0.05) !important;
-    font-size: 0.95rem !important;
-}
-.prose th {
-    background: #f8fafc !important;
-    color: #475569 !important;
-    font-weight: 600 !important;
-    text-transform: uppercase !important;
-    font-size: 0.85rem !important;
-    letter-spacing: 0.05em !important;
-    padding: 14px 16px !important;
-    border-bottom: 2px solid #e2e8f0 !important;
-    text-align: left !important;
-}
-.prose tr:nth-child(even) td {
-    background: #f8fafc !important; 
-}
-.prose td {
-    padding: 12px 16px !important;
-    color: #334155 !important;
-    border-bottom: 1px solid #e2e8f0 !important;
-    transition: background-color 0.2s ease !important;
-}
-.prose tr:last-child td {
-    border-bottom: none !important;
-}
-.prose tr:hover td {
-    background-color: #f1f5f9 !important;
-}
-
-/* 引用块美化 (高亮重点说明) */
-.prose blockquote {
-    border-left: 4px solid #3b82f6 !important;
-    background: linear-gradient(to right, #eff6ff, #ffffff) !important;
-    padding: 16px 20px !important;
-    border-radius: 0 8px 8px 0 !important;
-    font-size: 0.95rem !important;
-    color: #1e40af !important;
-    margin: 1.5em 0 !important;
-    box-shadow: 0 1px 2px rgba(0,0,0,0.02) !important;
-}
-
-/* 按钮高级感特效 */
-button.primary {
-    background: linear-gradient(135deg, #3b82f6 0%, #2563eb 100%) !important;
-    border: none !important;
-    box-shadow: 0 4px 12px rgba(37, 99, 235, 0.25) !important;
-    font-weight: 600 !important;
-    transition: all 0.3s ease !important;
-}
-button.primary:hover {
-    transform: translateY(-2px) !important;
-    box-shadow: 0 6px 16px rgba(37, 99, 235, 0.35) !important;
+    background: #fff !important; border-radius: 12px !important;
+    box-shadow: 0 4px 20px rgba(0,0,0,0.04) !important; padding: 30px !important; border: 1px solid #e2e8f0 !important;
 }
-
-/* 隐藏无关页脚标志 */
+.prose h1 { font-size: 2.2rem !important; color: #0f172a !important; font-weight: 800 !important; text-align: center !important; }
+.prose h2 { font-size: 1.4rem !important; color: #1e293b !important; margin-top: 1.5em !important; padding-bottom: 0.4em !important; border-bottom: 2px solid #f1f5f9 !important; font-weight: 700 !important; }
+.prose h3 { font-size: 1.15rem !important; color: #334155 !important; font-weight: 600 !important; }
+.prose table { width: 100% !important; border-collapse: separate !important; border-spacing: 0 !important; margin: 1.5em 0 !important; border-radius: 10px !important; overflow: hidden !important; box-shadow: 0 0 0 1px #e2e8f0, 0 4px 6px -1px rgba(0,0,0,0.05) !important; font-size: 0.92rem !important; }
+.prose th { background: #f8fafc !important; color: #475569 !important; font-weight: 600 !important; font-size: 0.85rem !important; letter-spacing: 0.05em !important; padding: 12px 14px !important; border-bottom: 2px solid #e2e8f0 !important; }
+.prose tr:nth-child(even) td { background: #f8fafc !important; }
+.prose td { padding: 10px 14px !important; color: #334155 !important; border-bottom: 1px solid #e2e8f0 !important; }
+.prose tr:last-child td { border-bottom: none !important; }
+.prose tr:hover td { background-color: #f1f5f9 !important; }
+.prose blockquote { border-left: 4px solid #3b82f6 !important; background: linear-gradient(to right,#eff6ff,#fff) !important; padding: 14px 18px !important; border-radius: 0 8px 8px 0 !important; font-size: 0.93rem !important; color: #1e40af !important; margin: 1.5em 0 !important; }
+button.primary { background: linear-gradient(135deg,#3b82f6 0%,#2563eb 100%) !important; border: none !important; box-shadow: 0 4px 12px rgba(37,99,235,0.25) !important; font-weight: 600 !important; }
+button.primary:hover { transform: translateY(-2px) !important; box-shadow: 0 6px 16px rgba(37,99,235,0.35) !important; }
 footer { display: none !important; }
 """
 
@@ -472,201 +380,229 @@ with gr.Blocks(title="教育大模型隐私攻防", theme=gr.themes.Soft(
     gr.Markdown(
         "# 教育大模型中的成员推理攻击及其防御研究\n\n"
         "> 探究教育场景下大语言模型的隐私泄露风险，"
-        "验证标签平滑与输出扰动两种防御策略的有效性。\n")
+        "验证标签平滑与输出扰动两种防御策略的有效性及其对模型效用的影响。\n")
 
-    # --- Tab 1 ---
     with gr.Tab("项目概览"):
         gr.Markdown(
             "## 研究背景\n\n"
-            "大语言模型在教育领域的应用日益广泛，模型训练过程中不可避免地接触到学生敏感数据。"
-            "**成员推理攻击 (MIA)** 能够判断某条数据是否参与了模型训练，构成隐私威胁。\n\n"
+            "大语言模型在教育领域的应用日益广泛，模型训练不可避免地接触到学生敏感数据。"
+            "**成员推理攻击 (Membership Inference Attack, MIA)** 能够判断某条数据是否参与了模型训练，"
+            "从而推断学生的隐私信息，构成切实的隐私威胁。\n\n"
             "---\n\n"
             "## 实验设计\n\n"
             "| 阶段 | 内容 | 方法 |\n"
             "|------|------|------|\n"
-            "| 数据准备 | 2000条数学辅导对话 | 模板化生成，含隐私字段 |\n"
-            "| 模型训练 | Qwen2.5-Math + LoRA | 基线 + 标签平滑 (e=0.02, 0.2) |\n"
-            "| MIA攻击 | Loss-based攻击 | 计算全样本Loss，AUC评估 |\n"
-            "| 输出扰动 | 推理期防御 | 对Loss加高斯噪声 (s=0.01~0.02) |\n"
-            "| 效用评估 | 300道数学测试题 | 准确率评估 |\n"
-            "| 综合分析 | 隐私-效用权衡 | 散点图 + 定量对比 |\n\n"
+            "| 1. 数据准备 | 2000条小学数学辅导对话 | 模板化生成，含姓名/学号/成绩等隐私字段 |\n"
+            "| 2. 基线模型训练 | Qwen2.5-Math-1.5B + LoRA | 标准微调，无任何防御措施 |\n"
+            "| 3. 标签平滑模型训练 | 两组不同平滑系数 | e=0.02(温和) 与 e=0.2(强力) 分别训练 |\n"
+            "| 4. MIA攻击测试 | 对三个模型分别发起攻击 | 基于Loss阈值的成员推理，AUC评估 |\n"
+            "| 5. 输出扰动测试 | 在基线模型上添加噪声 | 高斯噪声 s=0.01/0.015/0.02 三组 |\n"
+            "| 6. 效用评估 | 300道数学测试题 | 三个模型分别测试准确率 |\n"
+            "| 7. 综合分析 | 隐私-效用权衡 | 散点图 + 定量对比 |\n\n"
             "---\n\n"
             "## 实验配置\n\n"
-            "| 项 | 值 |\n"
-            "|---|---|\n"
+            "| 项目 | 值 |\n"
+            "|------|-----|\n"
             "| 基座模型 | " + model_name_str + " |\n"
-            "| 微调 | LoRA (r=8, alpha=16) |\n"
+            "| 微调方法 | LoRA (r=8, alpha=16, target: q/k/v/o_proj) |\n"
             "| 训练轮数 | 10 epochs |\n"
-            "| 数据量 | " + data_size_str + " 条 |\n")
+            "| 数据总量 | " + data_size_str + " 条 (成员1000 + 非成员1000) |\n"
+            "| 训练模型数 | 3个 (基线 + 标签平滑x2) |\n")
 
-    # --- Tab 2 ---
     with gr.Tab("数据展示"):
         gr.Markdown("## 数据集概况\n\n"
-                    "成员1000条（训练集）+ 非成员1000条（对照组），每条含学生隐私字段。\n")
+                    "成员数据1000条（训练集）与非成员数据1000条（对照组），每条均包含学生隐私字段。\n")
         with gr.Row():
             with gr.Column(scale=1):
-                gr.Plot(value=make_pie_chart(), label="图表")
+                gr.Plot(value=make_pie_chart())
             with gr.Column(scale=1):
                 gr.Markdown("**选择靶向数据池**")
                 data_sel = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"],
                                     value="成员数据（训练集）", label="")
                 sample_btn = gr.Button("随机��取", variant="primary")
                 sample_info = gr.Markdown()
-
         gr.Markdown("---\n\n**原始对话内容**")
         with gr.Row():
             sample_q = gr.Textbox(label="学生提问 (Prompt)", lines=5, interactive=False)
             sample_a = gr.Textbox(label="模型回答 (Ground Truth)", lines=5, interactive=False)
-
         sample_btn.click(show_random_sample, [data_sel], [sample_info, sample_q, sample_a])
 
-    # --- Tab 3 ---
     with gr.Tab("MIA攻击演示"):
         gr.Markdown(
             "## 发起成员推理攻击\n\n"
-            "调整下方滑块选择一条数据，系统将计算该条数据的 Loss 值并实施判定。\n")
-
+            "选择目标模型和数据来源，系统将计算该样本的Loss值并实施成员身份判定。\n")
         with gr.Row():
             with gr.Column(scale=1):
+                atk_model = gr.Radio(
+                    ["基线模型 (Baseline)", "标签平滑模型 (e=0.02)", "标签平滑模型 (e=0.2)"],
+                    value="基线模型 (Baseline)", label="选择攻击目标模型")
                 atk_type = gr.Radio(["成员数据（训练集）", "非成员数据（测试集）"],
                                     value="成员数据（训练集）", label="模拟真实数据来源")
                 atk_idx = gr.Slider(0, 999, step=1, value=0, label="样本游标 ID (0-999)")
                 atk_btn = gr.Button("执行成员推理攻击", variant="primary", size="lg")
                 atk_question = gr.Markdown()
-
             with gr.Column(scale=1):
                 gr.Markdown("**攻击侦测控制台**")
                 atk_gauge = gr.Plot(label="Loss 分布雷达")
                 atk_result = gr.Markdown()
+        atk_btn.click(run_mia_demo, [atk_idx, atk_type, atk_model], [atk_question, atk_gauge, atk_result])
 
-        atk_btn.click(run_mia_demo, [atk_idx, atk_type], [atk_question, atk_gauge, atk_result])
-
-    # --- Tab 4 ---
     with gr.Tab("防御对比"):
         gr.Markdown(
             "## 防御策略效果对比\n\n"
-            "| 策略 | 类型 | 原理 | 优势 | 局限 |\n"
-            "|------|------|------|------|------|\n"
-            "| 标签平滑 | 训练期 | 软化训练标签 | 降低过拟合 | 可能影响效用 |\n"
-            "| 输出扰动 | 推理期 | Loss加噪声 | 零效用损失 | 仅遮蔽信号 |\n")
+            "本研究测试了两类防御策略，以下基于实验数据给出对比分析。\n\n"
+            "| 策略 | 类型 | 原理 | 实验验证的优势 | 实验观察到的局限 |\n"
+            "|------|------|------|---------------|----------------|\n"
+            "| 标签平滑 | 训练期 | 软化训练标签，抑制对训练数据的过度记忆 | e=0.02时AUC降至" + f"{s002_auc:.4f}" + "，准确率提升至" + f"{s002_acc:.1f}" + "% | 需要重新训练模型；e过大时可能影响效用 |\n"
+            "| 输出扰动 | 推理期 | 对模型输出Loss添加高斯噪声，模糊统计差异 | s=0.02时AUC降至" + f"{op002_auc:.4f}" + "，准确率完全不变 | 仅遮蔽Loss层面的统计信号，不改变模型本身的记忆特性 |\n")
 
         with gr.Row():
             with gr.Column():
-                gr.Plot(value=make_auc_bar(), label="AUC对比")
+                gr.Markdown("### AUC对比（全部策略）")
+                gr.Plot(value=make_auc_bar())
             with gr.Column():
-                gr.Plot(value=make_loss_distribution(), label="Loss分布")
+                gr.Markdown("### Loss分布对比（三个模型）")
+                gr.Plot(value=make_loss_distribution())
 
         tbl = (
-            "### 结果汇总\n\n"
-            "| 策略 | 类型 | AUC | 准确率 |\n"
-            "|------|------|-----|--------|\n")
-        for k, name, cat in [('baseline', '基线', '--'), ('smooth_0.02', '标签平滑 (e=0.02)', '训练期'),
+            "### 完整实验结果\n\n"
+            "| 策略 | 类型 | AUC | 准确率 | AUC变化 |\n"
+            "|------|------|-----|--------|--------|\n")
+        for k, name, cat in [('baseline', '基线 (无防御)', '--'), ('smooth_0.02', '标签平滑 (e=0.02)', '训练期'),
                               ('smooth_0.2', '标签平滑 (e=0.2)', '训练期')]:
             if k in mia_results:
                 a = mia_results[k]['auc']
                 acc = utility_results.get(k, {}).get('accuracy', 0) * 100
-                tbl += "| " + name + " | " + cat + " | " + f"{a:.4f}" + " | " + f"{acc:.1f}" + "% |\n"
+                delta = "--" if k == 'baseline' else f"{a - bl_auc:+.4f}"
+                tbl += "| " + name + " | " + cat + " | " + f"{a:.4f}" + " | " + f"{acc:.1f}" + "% | " + delta + " |\n"
         for k, name in [('perturbation_0.01', '输出扰动 (s=0.01)'), ('perturbation_0.015', '输出扰动 (s=0.015)'),
                          ('perturbation_0.02', '输出扰动 (s=0.02)')]:
             if k in perturb_results:
                 a = perturb_results[k]['auc']
-                tbl += "| " + name + " | 推理期 | " + f"{a:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
+                delta = f"{a - bl_auc:+.4f}"
+                tbl += "| " + name + " | 推理期 | " + f"{a:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) | " + delta + " |\n"
         gr.Markdown(tbl)
 
-    # --- Tab 5 ---
     with gr.Tab("防御详解"):
         gr.Markdown(
-            "## 标签平滑 (Label Smoothing)\n\n"
+            "## 一、标签平滑 (Label Smoothing)\n\n"
             "**类型**: 训练期防御\n\n"
-            "将训练标签从硬标签 (one-hot) 转换为软标签，降低模型对训练样本的过度拟合。\n\n"
-            "y_smooth = (1 - e) * y_onehot + e / V\n\n"
-            "| 参数 | AUC | 准确率 |\n"
-            "|------|-----|--------|\n"
-            "| 基线 (e=0) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% |\n"
-            "| e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% |\n"
-            "| e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% |\n\n"
+            "将训练标签从硬标签 (one-hot) 转换为软标签，降低模型对训练样本的过度拟合程度，"
+            "从而缩小成员与非成员之间的Loss分布差异。\n\n"
+            "$$y_{smooth} = (1 - \\varepsilon) \\cdot y_{onehot} + \\frac{\\varepsilon}{V}$$\n\n"
+            "其中 $\\varepsilon$ 为平滑系数，$V$ 为词汇表大小。\n\n"
+            "| 参数 | AUC | 准确率 | 分析 |\n"
+            "|------|-----|--------|------|\n"
+            "| 基线 (e=0) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 无防御，攻击风险较高 |\n"
+            "| e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | 温和平滑，隐私与效用较好平衡 |\n"
+            "| e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | 强力平滑，AUC显著下降 |\n\n"
             "---\n\n"
-            "## 输出扰动 (Output Perturbation)\n\n"
+            "## 二、输出扰动 (Output Perturbation)\n\n"
             "**类型**: 推理期防御\n\n"
-            "在推理阶段对Loss值注入高斯噪声，不修改模型参数，准确率完全不变。\n\n"
-            "Loss_perturbed = Loss_original + N(0, s^2)\n\n"
+            "在推理阶段对模型返回的Loss值注入高斯噪声，使攻击者难以从Loss的微小差异中区分成员与非成员。\n\n"
+            "$$\\mathcal{L}_{perturbed} = \\mathcal{L}_{original} + \\mathcal{N}(0, \\sigma^2)$$\n\n"
+            "其中 $\\sigma$ 为噪声标准差，控制扰动强度。\n\n"
             "| 参数 | AUC | AUC降幅 | 准确率 |\n"
             "|------|-----|---------|--------|\n"
-            "| 基线 | " + f"{bl_auc:.4f}" + " | -- | " + f"{bl_acc:.1f}" + "% |\n"
+            "| 基线 (s=0) | " + f"{bl_auc:.4f}" + " | -- | " + f"{bl_acc:.1f}" + "% |\n"
             "| s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_auc-op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
             "| s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_auc-op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
             "| s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_auc-op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n\n"
             "---\n\n"
-            "## 综合对比\n\n"
+            "## 三、综合对比\n\n"
             "| 维度 | 标签平滑 | 输出扰动 |\n"
             "|------|---------|----------|\n"
             "| 作用阶段 | 训练期 | 推理期 |\n"
             "| 是否需要重训 | 是 | 否 |\n"
-            "| 对效用的影响 | 可能有影响 | 无影响 |\n"
-            "| 防御机制 | 降低过拟合 | 遮蔽统计信号 |\n"
-            "| 可叠加使用 | 是 | 是 |\n\n"
-            "> 推荐方案: 标签平滑 (e=0.02) + 输出扰动 (s=0.02) 双重防护\n")
+            "| 对效用的影响 | 取决于平滑系数 | 无影响 |\n"
+            "| 防御原理 | 抑制过拟合，降低记忆 | 遮蔽Loss层面统计信号 |\n"
+            "| 部署难度 | 需训练阶段介入 | 推理阶段即插即用 |\n"
+            "| 可叠加使用 | 是 | 是 |\n")
 
-    # --- Tab 6 ---
     with gr.Tab("效用评估"):
-        gr.Markdown("## 效用评估\n\n> 测试集: 300道数学题\n")
+        gr.Markdown(
+            "## 效用评估\n\n"
+            "> 测试集: 300道数学题，覆盖基础计算、应用题、概念问答三类任务。\n")
         with gr.Row():
             with gr.Column():
-                gr.Plot(value=make_accuracy_bar(), label="准确率")
+                gr.Markdown("### 准确率对比")
+                gr.Plot(value=make_accuracy_bar())
             with gr.Column():
-                gr.Plot(value=make_tradeoff(), label="隐私-效用权衡")
-
-    # --- Tab 7 ---
-    with gr.Tab("论文图表"):
-        gr.Markdown("## 学术图表 (300 DPI)")
-        for fn, cap in [("fig1_loss_distribution_comparison.png", "图1: Loss分布对比"),
-                         ("fig2_privacy_utility_tradeoff_fixed.png", "图2: 隐私-效用权衡"),
-                         ("fig3_defense_comparison_bar.png", "图3: 防御效果柱状图")]:
+                gr.Markdown("### 隐私-效用权衡")
+                gr.Plot(value=make_tradeoff())
+
+        gr.Markdown(
+            "### 效用分析\n\n"
+            "| 策略 | 准确率 | AUC | 效用变化 | 分析 |\n"
+            "|------|--------|-----|---------|------|\n"
+            "| 基线 | " + f"{bl_acc:.1f}" + "% | " + f"{bl_auc:.4f}" + " | -- | 效用基准，但隐私风险最高 |\n"
+            "| LS(e=0.02) | " + f"{s002_acc:.1f}" + "% | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc-bl_acc:+.1f}" + "pp | 适度正则化提升了泛化能力，准确率反而上升 |\n"
+            "| LS(e=0.2) | " + f"{s02_acc:.1f}" + "% | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc-bl_acc:+.1f}" + "pp | 强力平滑对效用有一定影响，但仍在可接受范围 |\n"
+            "| OP(s=0.01) | " + f"{bl_acc:.1f}" + "% | " + f"{op001_auc:.4f}" + " | 0 | 零效用损失 |\n"
+            "| OP(s=0.015) | " + f"{bl_acc:.1f}" + "% | " + f"{op0015_auc:.4f}" + " | 0 | 零效用损失 |\n"
+            "| OP(s=0.02) | " + f"{bl_acc:.1f}" + "% | " + f"{op002_auc:.4f}" + " | 0 | 零效用损失 |\n\n"
+            "> **关键发现**: 标签平滑 e=0.02 不仅降低了隐私风险，还因正则化效应提升了模型的泛化能力。"
+            "输出扰动则在完全不影响效用的前提下实现了有效防御。"
+            "两类策略在效用维度上呈现互补特性：前者可能提升效用，后者保证效用不变。\n")
+
+    with gr.Tab("实验结果可视化"):
+        gr.Markdown("## 实验核心图表")
+        for fn, cap in [("fig1_loss_distribution_comparison.png", "图1: 成员与非成员Loss分布对比 (Baseline vs Label Smoothing)"),
+                         ("fig2_privacy_utility_tradeoff_fixed.png", "图2: 隐私风险与模型效用权衡散点图"),
+                         ("fig3_defense_comparison_bar.png", "图3: 各防御策略MIA攻击AUC对比")]:
             p = os.path.join(BASE_DIR, "figures", fn)
             if os.path.exists(p):
                 gr.Markdown("### " + cap)
                 gr.Image(value=p, show_label=False, height=400)
                 gr.Markdown("---")
 
-    # --- Tab 8 ---
     with gr.Tab("研究结论"):
         gr.Markdown(
             "## 研究结论\n\n"
             "---\n\n"
             "### 一、教育大模型面临显著的成员推理攻击风险\n\n"
-            "实验结果表明，经LoRA微调的教育辅导模型在面对基于Loss的成员推理攻击时，"
-            "AUC达到 " + f"{bl_auc:.4f}" + "，显著高于随机猜测基准(0.5)。"
-            "这意味着攻击者仅通过观察模型对某一样本的输出置信度，"
-            "即可以高于随机的概率推断该样本是否被纳入训练集。"
-            "在教育场景中，训练数据通常包含学生姓名、学号、学业成绩等敏感信息，"
+            "实验结果表明，经LoRA微调的Qwen2.5-Math-1.5B教育辅导模型在面对基于Loss的成员推理攻击时，"
+            "AUC达到 **" + f"{bl_auc:.4f}" + "**，显著高于随机猜测基准 (0.5)。"
+            "成员数据的平均Loss (" + f"{bl_m_mean:.4f}" + ") 明显低于非成员数据 (" + f"{bl_nm_mean:.4f}" + ")，"
+            "表明模型对训练数据产生了可被利用的记忆效应。"
+            "在教育场景中，训练数据包含学生姓名、学号、学业成绩等敏感信息，"
             "该攻击能力构成了切实的隐私威胁。\n\n"
             "---\n\n"
-            "### 二、标签平滑的有效性与局限性\n\n"
+            "### 二、标签平滑作为训练期防御策略的有效性与局限性\n\n"
             "标签平滑通过软化训练标签分布，抑制模型对训练样本的过度拟合，"
-            "缩小成员与非成员之间的Loss分布差异。\n\n"
-            "- e=0.02: AUC从" + f"{bl_auc:.4f}" + "降至" + f"{s002_auc:.4f}"
-            + "，准确率" + f"{s002_acc:.1f}" + "%，隐私保护与效用保持间取得较好平衡。\n"
-            "- e=0.2: AUC进一步降至" + f"{s02_auc:.4f}"
-            + "，防御效果更为显著，准确率" + f"{s02_acc:.1f}" + "%。\n\n"
-            "该结果表明平滑系数的选取需在隐私保护强度与模型效用之间进行权衡。\n\n"
+            "缩小成员与非成员之间的Loss分布差异。实验观察到:\n\n"
+            "- **e=0.02** (温和平滑): AUC从 " + f"{bl_auc:.4f}" + " 降至 " + f"{s002_auc:.4f}"
+            + "，准确率为 " + f"{s002_acc:.1f}" + "%。"
+            "适度的正则化效应不仅降低了隐私风险，还提升了模型的泛化能力。\n"
+            "- **e=0.2** (强力平滑): AUC进一步降至 " + f"{s02_auc:.4f}"
+            + "，防御效果显著增强，准确率为 " + f"{s02_acc:.1f}" + "%。\n\n"
+            "该结果表明平滑系数的选取需在隐私保护强度与模型效用之间进行权衡。"
+            "从实验数据看，e=0.02在两者���间取得了较好的平衡点。\n\n"
             "---\n\n"
-            "### 三、输出扰动的独特优势\n\n"
-            "输出扰动在推理阶段对Loss值注入高斯噪声，"
-            "核心优势在于完全不改变模型参数，对模型效用无任何影响。\n\n"
-            "- s=0.02: AUC从" + f"{bl_auc:.4f}" + "降至" + f"{op002_auc:.4f}"
-            + "，准确率保持" + f"{bl_acc:.1f}" + "%不变。\n\n"
-            "这是一种零效用成本的防御手段，适合已部署系统进行后期隐私加固。\n\n"
+            "### 三、输出扰动作为推理期防御策略的独特优势\n\n"
+            "输出扰动在推理阶段对模型输出的Loss值注入高斯噪声，"
+            "核心优势在于完全不改变模型参数，因此对模型效用无任何影响。实验中测试了三组噪声强度:\n\n"
+            "| 噪声强度 | AUC | AUC降幅 | 准确率 |\n"
+            "|----------|-----|---------|--------|\n"
+            "| s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_auc-op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
+            "| s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_auc-op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n"
+            "| s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_auc-op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% (不变) |\n\n"
+            "随着噪声强度增大，AUC呈单调下降趋势，表明更强的扰动更有效地模糊了成员与非成员的统计差异。"
+            "s=0.02时AUC降至 " + f"{op002_auc:.4f}" + "，接近标签平滑 e=0.2 的防御效果，"
+            "但完全不需要重新训练模型，适合已部署系统的后期隐私加固。\n\n"
             "---\n\n"
             "### 四、隐私-效用权衡的定量分析\n\n"
-            "| 策略 | AUC | 准确率 | 特点 |\n"
-            "|------|-----|--------|------|\n"
-            "| 基线 | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 风险最高 |\n"
-            "| 标签平滑 e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | 效用保持良好 |\n"
-            "| 标签平滑 e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | 强力防御 |\n"
-            "| 输出扰动 s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | 零效用损失 |\n\n"
-            "将训练期标签平滑(e=0.02)与推理期输出扰动(s=0.02)组合使用，"
-            "可在两个独立维度上削弱攻击者的推断能力，实现更为全面的隐私保护，"
-            "同时将效用损失控制在可接受范围内。\n")
+            "| 策略 | AUC | 准确率 | AUC变化 | 效用变化 | 特点 |\n"
+            "|------|-----|--------|--------|---------|------|\n"
+            "| 基线 (无防御) | " + f"{bl_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | -- | -- | 风险最高 |\n"
+            "| 标签平滑 e=0.02 | " + f"{s002_auc:.4f}" + " | " + f"{s002_acc:.1f}" + "% | " + f"{s002_auc-bl_auc:+.4f}" + " | " + f"{s002_acc-bl_acc:+.1f}" + "pp | 隐私与效用双优 |\n"
+            "| 标签平滑 e=0.2 | " + f"{s02_auc:.4f}" + " | " + f"{s02_acc:.1f}" + "% | " + f"{s02_auc-bl_auc:+.4f}" + " | " + f"{s02_acc-bl_acc:+.1f}" + "pp | 强力防御 |\n"
+            "| 输出扰动 s=0.01 | " + f"{op001_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op001_auc-bl_auc:+.4f}" + " | 0 | 温和扰动 |\n"
+            "| 输出扰动 s=0.015 | " + f"{op0015_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op0015_auc-bl_auc:+.4f}" + " | 0 | 适中扰动 |\n"
+            "| 输出扰动 s=0.02 | " + f"{op002_auc:.4f}" + " | " + f"{bl_acc:.1f}" + "% | " + f"{op002_auc-bl_auc:+.4f}" + " | 0 | 零效用损失的有效防御 |\n\n"
+            "综合上述实验结果，两类防御策略在机制上具有互补性: "
+            "标签平滑从训练阶段降低模型的记忆程度，输出扰动从推理阶段遮蔽可被利用的统计信号。"
+            "在实际部署中，可根据场景需求灵活选择或组合使用。\n")
 
     gr.Markdown(
         "---\n\n<center>\n\n"