While image-based detectors have shown promise in Android malware detection, they often struggle to maintain their performance and interpretability when encountering out-of-distribution (OOD) samples. Specifically, OOD samples generated by code obfuscation and concept drift exhibit distributions that significantly deviate from the detector's training data. Such shifts not only severely undermine the generalisation of detectors to OOD samples but also compromise the reliability of their associated interpretations. To address these challenges, we propose BIDO, a novel generative classifier that reformulates malware detection as a likelihood estimation task. Unlike conventional discriminative methods, BIDO jointly produces classification results and interpretations by explicitly modeling class-conditional distributions, thereby resolving the long-standing separation between detection and explanation. Empirical results demonstrate that BIDO substantially enhances robustness against extreme obfuscation and concept drift while achieving reliable interpretation without sacrificing performance. The source code is available at https://github.com/whatishope/BIDO/.
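The abstract's central idea is that a generative classifier models p(x | class) per class, then classifies by comparing likelihoods, explains by reading off which features drove the likelihood ratio, and can recognise OOD input because no class explains it well. The following is an added illustration of that principle and is not BIDO's code: it uses diagonal Gaussians over a constructed three-feature vector (the feature names, the training vectors and the OOD margin are all invented for the example) where BIDO learns far richer class-conditional distributions over images.

```python
import math

# Constructed toy "image feature" vectors, standing in for statistics of an APK
# rendered as an image. Invented for this example, not data from the paper.
BENIGN = [[0.10, 0.20, 0.10], [0.20, 0.10, 0.15], [0.15, 0.25, 0.05], [0.05, 0.15, 0.20]]
MALWARE = [[0.80, 0.70, 0.90], [0.90, 0.85, 0.80], [0.75, 0.90, 0.85], [0.85, 0.75, 0.95]]
FEATURE_NAMES = ["mean_intensity", "edge_density", "entropy"]  # hypothetical names

VAR_FLOOR = 1e-4  # keeps a Gaussian from collapsing on a constant feature


def fit_diagonal_gaussian(samples):
    """Per-feature mean and variance, i.e. a diagonal Gaussian p(x | class)."""
    n = len(samples)
    dim = len(samples[0])
    means = [sum(s[i] for s in samples) / n for i in range(dim)]
    variances = [max(sum((s[i] - means[i]) ** 2 for s in samples) / n, VAR_FLOOR)
                 for i in range(dim)]
    return means, variances


def feature_log_densities(model, x):
    """log N(x_i; mu_i, var_i) per feature; their sum is log p(x | class)."""
    means, variances = model
    return [-0.5 * math.log(2 * math.pi * v) - (xi - m) ** 2 / (2 * v)
            for xi, m, v in zip(x, means, variances)]


def log_likelihood(model, x):
    return sum(feature_log_densities(model, x))


def build_detector(benign=BENIGN, malware=MALWARE, margin=5.0):
    """Fit one class-conditional model per class plus a likelihood-based OOD threshold."""
    models = {"benign": fit_diagonal_gaussian(benign),
              "malware": fit_diagonal_gaussian(malware)}
    total = len(benign) + len(malware)
    priors = {"benign": len(benign) / total, "malware": len(malware) / total}
    # OOD threshold (assumed rule): lowest in-class likelihood seen during
    # training, minus a margin. Anything below it is explained by no class.
    worst = min(min(log_likelihood(models["benign"], s) for s in benign),
                min(log_likelihood(models["malware"], s) for s in malware))
    return {"models": models, "priors": priors, "ood_threshold": worst - margin}


def detect(detector, x):
    """Classification, per-feature interpretation and OOD flag from one model."""
    models, priors = detector["models"], detector["priors"]
    # Bayes rule in log space: log p(class | x) = log p(x | class) + log p(class) - log p(x)
    joint = {c: log_likelihood(models[c], x) + math.log(priors[c]) for c in models}
    norm = max(joint.values())
    evidence = norm + math.log(sum(math.exp(j - norm) for j in joint.values()))
    posterior = {c: math.exp(j - evidence) for c, j in joint.items()}
    label = max(posterior, key=posterior.get)
    # Interpretation: per-feature log-density ratio (malware vs benign), taken
    # from the same generative model that produced the decision.
    mal = feature_log_densities(models["malware"], x)
    ben = feature_log_densities(models["benign"], x)
    contributions = sorted(zip(FEATURE_NAMES, [m - b for m, b in zip(mal, ben)]),
                           key=lambda kv: -abs(kv[1]))
    # OOD: if the best class still explains x poorly, neither the label nor
    # the interpretation should be trusted.
    best_ll = max(log_likelihood(models[c], x) for c in models)
    return {"label": label, "posterior": posterior,
            "is_ood": best_ll < detector["ood_threshold"],
            "best_log_likelihood": best_ll, "contributions": contributions}


if __name__ == "__main__":
    det = build_detector()
    for x in ([0.85, 0.80, 0.90], [3.0, -2.0, 5.0]):
        r = detect(det, x)
        status = "OOD" if r["is_ood"] else "in-distribution"
        print(x, r["label"], round(r["posterior"][r["label"]], 4), status)
        for name, c in r["contributions"]:
            print(f"  {name}: {c:+.2f}")
```

The first query vector sits inside the malware cluster and gets a confident label with every feature contributing positively to the malware likelihood ratio; the second sits far from both clusters, so its best log-likelihood falls below the calibrated threshold and it is flagged OOD rather than silently labelled. A discriminative classifier would still emit a confident label and an attribution for that second input, which is the failure mode the abstract describes.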