BIDO: An Out-Of-Distribution Resistant Image-based Malware Detector

While image-based detectors have shown promise in Android malware detection, they often struggle to maintain their performance and interpretability when encountering out-of-distribution (OOD) samples. Specifically, OOD samples generated by code obfuscation and concept drift exhibit distributions that significantly deviate from the detector's training data. Such shifts not only severely undermine the generalisation of detectors to OOD samples but also compromise the reliability of their associated interpretations. To address these challenges, we propose BIDO, a novel generative classifier that reformulates malware detection as a likelihood estimation task. Unlike conventional discriminative methods, BIDO jointly produces classification results and interpretations by explicitly modeling class-conditional distributions, thereby resolving the long-standing separation between detection and explanation. Empirical results demonstrate that BIDO substantially enhances robustness against extreme obfuscation and concept drift while achieving reliable interpretation without sacrificing performance. The source code is available at https://github.com/whatishope/BIDO/.