In edge-cloud collaborative inference, uploading intermediate features to the cloud risks model inversion attacks (MIAs), leading to leakage of raw user data. Method: We propose the first unified defense framework that jointly ensures privacy, utility, and deployability. It introduces a quantitative metric for MIA resistance; a novel edge-model training paradigm enforcing linear and nonlinear correlation constraints; and a funnel-shaped network architecture with lightweight attention to enhance efficiency on resource-constrained edge devices. The method integrates Mutual Information Neural Estimation (MINE), label smoothing, cloud-side upsampling, and correlation regularization. Results: Evaluated across multiple benchmarks, our approach reduces MIA reconstruction quality by over 60% while incurring less than 3% classification accuracy degradation—achieving, for the first time, a balanced trade-off among privacy preservation, task performance, and edge-device adaptability.

The complexity of neural networks and inference tasks, coupled with demands for computational efficiency and real-time feedback, poses significant challenges for resource-constrained edge devices. Collaborative inference mitigates this by assigning shallow feature extraction to edge devices and offloading features to the cloud for further inference, reducing computational load. However, transmitted features remain susceptible to model inversion attacks (MIAs), which can reconstruct original input data. Current defenses, such as perturbation and information bottleneck techniques, offer explainable protection but face limitations, including the lack of standardized criteria for assessing MIA difficulty, challenges in mutual information estimation, and trade-offs among usability, privacy, and deployability. To address these challenges, we introduce the first criterion to evaluate MIA difficulty in collaborative inference, supported by theoretical analysis of existing attacks and defenses, validated using experiments with the Mutual Information Neural Estimator (MINE). Based on these findings, we propose SiftFunnel, a privacy-preserving framework for collaborative inference. The edge model is trained with linear and non-linear correlation constraints to reduce redundant information in transmitted features, enhancing privacy protection. Label smoothing and a cloud-based upsampling module are added to balance usability and privacy. To improve deployability, the edge model incorporates a funnel-shaped structure and attention mechanisms, preserving both privacy and usability. Extensive experiments demonstrate that SiftFunnel outperforms state-of-the-art defenses against MIAs, achieving superior privacy protection with less than 3% accuracy loss and striking an optimal balance among usability, privacy, and practicality.