The original Game Theoretic Mixed Experts (GaME) paper created a game theoretic framework for the adversarial examples game in which the attacker is limited to white box attacks. This allows both the attacker and defender to create finite, tabular, zero-sum games which can be easily solved with linear programming techniques.
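The white box game described above, worked through as an added example (not code from the GaME paper or from this post): the defender's maximin linear program is solved exactly by enumerating its basic solutions with the Python standard library, in place of an LP solver. The payoff table and the model and attack labels are constructed for illustration.

```python
from fractions import Fraction
from itertools import combinations

# Constructed robust-accuracy table (not from the GaME paper).
# Rows: defender options model_A, model_B, model_C (hypothetical names).
# Columns: white box attacks attack_1, attack_2, attack_3 (hypothetical names).
PAYOFF = [[Fraction(x, 100) for x in row]
          for row in ([80, 20, 60], [40, 70, 65], [50, 50, 55])]

def solve_linear(M, b):
    """Gauss-Jordan elimination over Fractions; returns None if M is singular."""
    n = len(M)
    aug = [row[:] + [b[i]] for i, row in enumerate(M)]
    for c in range(n):
        piv = next((r for r in range(c, n) if aug[r][c] != 0), None)
        if piv is None:
            return None
        aug[c], aug[piv] = aug[piv], aug[c]
        d = aug[c][c]
        aug[c] = [x / d for x in aug[c]]
        for r in range(n):
            if r != c:
                f = aug[r][c]
                aug[r] = [x - f * y for x, y in zip(aug[r], aug[c])]
    return [row[n] for row in aug]

def defender_maximin(A):
    """Maximise v subject to sum_i p[i]*A[i][j] >= v for every attack j,
    with p a probability vector. An optimum lies at a basic solution:
    k rows in the support, k attack constraints tight. Enumerate those
    and keep the mixture with the best worst-case accuracy."""
    m, n = len(A), len(A[0])
    best_p, best_v = None, None
    for k in range(1, min(m, n) + 1):
        for S in combinations(range(m), k):
            for T in combinations(range(n), k):
                # Unknowns are p restricted to S, then v.
                M = [[A[i][j] for i in S] + [Fraction(-1)] for j in T]
                M.append([Fraction(1)] * k + [Fraction(0)])
                sol = solve_linear(M, [Fraction(0)] * k + [Fraction(1)])
                if sol is None or min(sol[:k]) < 0:
                    continue  # singular system or not a probability vector
                p = [Fraction(0)] * m
                for i, x in zip(S, sol):
                    p[i] = x
                v = min(sum(p[i] * A[i][j] for i in range(m)) for j in range(n))
                if best_v is None or v > best_v:
                    best_p, best_v = p, v
    return best_p, best_v

if __name__ == "__main__":
    print(defender_maximin(PAYOFF))
```

On this table the best single model guarantees 50% accuracy, while mixing model_A and model_B guarantees more, which is the reason the defender randomizes at all.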
When this assumption does not hold, and the attacker is able to use black box attacks, the game theoretic formulation becomes much more complicated. In particular, black box attacks are dependent on the defender’s mixed strategy. This is because black box attacks simply query the main oracle, whose behavior, in the case of GaME, depends on the defender’s mixed strategy.
Thus, in the future I plan on formulating a more general version of the GaME framework which allows for black box attacks. The framework will utilize techniques such as Tree-Nash and discretization to find an approximate mixed Nash strategy for both the attacker and defender.