The amount of high-quality data determines the performance of the deep learning model. In reality, the data is often physically distributed in different organizations, and model averaging can train a deep model on the distributed data, while providing competitive performance compared with training a model on the centralized data. However, it cannot prevent inversion attack, as the intermediate parameters are transmitted during training. Some data enhancement methods, such as mixup, can effectively enhance the data privacy. In this paper, we propose a novel model averaging method combined with mixup, which provides protection against inversion attack. Besides we conduct experiments using state-of-the-art deep network architectures on multiple types of dataset to show that our method improves the classification accuracy of models.