Distributed deep neural networks (DNNs) in edge computing suffer from insufficient adversarial robustness. Method: This paper pioneers an information-theoretic framework to rigorously model and quantify the dual impact of latent-space compression ratio and network partitioning depth on robustness. It proposes a novel distributed DNN design paradigm that jointly optimizes robustness and task accuracy. Contribution/Results: Through theoretical analysis and extensive experiments—including six DNN architectures, six partitioning strategies, ImageNet-1K, and six adversarial attack types—we establish that moderate latent-dimensional compression improves robustness at the cost of accuracy, while deeper partitioning enhances robustness but increases edge-side computational overhead. The work uncovers a fundamental triadic trade-off among robustness, accuracy, and computational efficiency, providing both theoretical foundations and practical guidelines for secure and efficient edge intelligence inference.

Distributed deep neural networks (DNNs) have been shown to reduce the computational burden of mobile devices and decrease the end-to-end inference latency in edge computing scenarios. While distributed DNNs have been studied, to the best of our knowledge, the resilience of distributed DNNs to adversarial action remains an open problem. In this paper, we fill the existing research gap by rigorously analyzing the robustness of distributed DNNs against adversarial action. We cast this problem in the context of information theory and rigorously proved that (i) the compressed latent dimension improves the robustness but also affect task-oriented performance; and (ii) the deeper splitting point enhances the robustness but also increases the computational burden. These two trade-offs provide a novel perspective to design robust distributed DNN. To test our theoretical findings, we perform extensive experimental analysis by considering 6 different DNN architectures, 6 different approaches for distributed DNN and 10 different adversarial attacks using the ImageNet-1K dataset.