They hide the code/script which is being run. It encrypts and runs it I think. Thats why it becomes undetectedable. Then i guess BE can reverse engineer the hack and find the encryption key, then ban the scripts and hacks.
This probably isn't right. But it kinda seems like it could be that.
Bypassers hide the hack, some hide scripts some hide plugin-containers, different ones use various methods to stop Battleye realizing a hack is being executed.