PrivTune: Efficient and Privacy-Preserving Fine-Tuning of Large Language Models via Device-Cloud Collaboration

📅 2025-12-09
🤖 AI Summary
To mitigate sensitive data leakage risks—particularly embedding inversion and attribute inference attacks—in private fine-tuning of large language models within cloud-edge collaborative settings, this paper proposes a novel token-level differential privacy mechanism built upon Split Learning. Our approach innovatively integrates $n$-hop neighborhood alignment and importance-adaptive noise scaling, achieving privacy-utility Pareto optimization under the $d_\chi$-Privacy theoretical framework. Evaluated on five benchmark datasets—including SST-2—using RoBERTa, our method reduces attack success rates by over 50% (down to 10%) while incurring only a 3.33% drop in task accuracy. This represents a significant improvement over state-of-the-art methods, demonstrating superior trade-offs between privacy preservation and model utility in distributed fine-tuning scenarios.

📝 Abstract
With the rise of large language models, service providers offer language models as a service, enabling users to fine-tune customized models via uploaded private datasets. However, this raises concerns about sensitive data leakage. Prior methods, relying on differential privacy within device-cloud collaboration frameworks, struggle to balance privacy and utility, exposing users to inference attacks or degrading fine-tuning performance. To address this, we propose PrivTune, an efficient and privacy-preserving fine-tuning framework via Split Learning (SL). The key idea of PrivTune is to inject crafted noise into token representations from the SL bottom model, making each token resemble the $n$-hop indirect neighbors. PrivTune formulates this as an optimization problem to compute the optimal noise vector, aligning with defense-utility goals. On this basis, it then adjusts the parameters (i.e., mean) of the $d_\chi$-Privacy noise distribution to align with the optimization direction and scales the noise according to token importance to minimize distortion. Experiments on five datasets (covering both classification and generation tasks) against three embedding inversion and three attribute inference attacks show that, using RoBERTa on the Stanford Sentiment Treebank dataset, PrivTune reduces the attack success rate to 10% with only a 3.33% drop in utility performance, outperforming state-of-the-art baselines.
Problem

Research questions and friction points this paper is trying to address.

Balancing privacy and utility in fine-tuning large language models
Protecting sensitive data from inference attacks during model customization
Enhancing privacy-preserving device-cloud collaboration for efficient fine-tuning
Innovation

Methods, ideas, or system contributions that make the work stand out.

Split Learning with crafted noise injection
Optimized noise vector for privacy-utility balance
Scaled noise based on token importance
Yi Liu
City University of Hong Kong
Weixiang Han
City University of Hong Kong (Dongguan)
Chengjun Cai
City University of Hong Kong (Dongguan)
Xingliang Yuan
School of Computing and Information Systems, University of Melbourne
Secure Networked System, Encrypted Databases, Trustworthy ML/AI, AI Safety
Cong Wang
City University of Hong Kong