Split inference (SI) reduces latency and enhances privacy, but intermediate features remain vulnerable to data reconstruction attacks (DRAs), compromising input data security. Existing DRAs suffer from poor reconstruction quality on deep models and high-resolution images, limited generalizability, and insufficient exploitation of semantic priors. To address these limitations, we propose a GAN-based progressive feature optimization framework for DRA. Our method introduces a hierarchical generator jointly constrained by an ℓ¹-ball penalty and optimized via multi-stage gradient updates, progressively refining intermediate representations to improve both semantic consistency and visual fidelity. This work is the first to incorporate progressive feature optimization into DRA. Extensive experiments across diverse benchmarks—including CIFAR-10, ImageNet—and architectures—ResNet and ViT—demonstrate significant improvements over state-of-the-art methods, with PSNR gains exceeding 3.2 dB on high-resolution and out-of-distribution inputs.

The growing complexity of Deep Neural Networks (DNNs) has led to the adoption of Split Inference (SI), a collaborative paradigm that partitions computation between edge devices and the cloud to reduce latency and protect user privacy. However, recent advances in Data Reconstruction Attacks (DRAs) reveal that intermediate features exchanged in SI can be exploited to recover sensitive input data, posing significant privacy risks. Existing DRAs are typically effective only on shallow models and fail to fully leverage semantic priors, limiting their reconstruction quality and generalizability across datasets and model architectures. In this paper, we propose a novel GAN-based DRA framework with Progressive Feature Optimization (PFO), which decomposes the generator into hierarchical blocks and incrementally refines intermediate representations to enhance the semantic fidelity of reconstructed images. To stabilize the optimization and improve image realism, we introduce an L1-ball constraint during reconstruction. Extensive experiments show that our method outperforms prior attacks by a large margin, especially in high-resolution scenarios, out-of-distribution settings, and against deeper and more complex DNNs.