Abstract: Deep learning (DL) models have been widely applied to security-sensitive tasks such as autonomous driving. Attacks on DL models, and defenses against them, have gradually become hot spots in the field of machine learning. The black-box attack, a typical attack type and the most common attack method in real-world settings, can still be effective without knowledge of the model's specific structure and parameters. Therefore, reasonable analysis of the vulnerability of DL models, and the design of models that are more robust against black-box attacks, has become an emerging topic. Traditional single-strength and multi-strength adversarial training methods based on a single model cannot resist black-box attacks. Ensemble adversarial training based on multiple models still fails to resist attack samples that are high-intensity and diverse. To solve this problem, a mixed adversarial training defense strategy based on greedy search strength is proposed. Experimental results show that the proposed defensive strategy is robust against diversified black-box attacks and performs better than conventional adversarial training methods.