Chaos-based security applications are facing great challenges with various data analysis and prediction techniques. Focusing on the security risks in chaotic applications, this paper proposes a structure-varying delay -coupled chaotic model (SVDCCM), which has attack immunity and is proven to be chaotic mathematically. To choose suitable coupling structures for variation, the effects of different structures on chaotic performance are investigated in detail. We recommend loop structures for better chaotic behaviors and the structures in which the same coupling terms exist should be avoided to produce synchronous behaviors. Moreover, the general changing principles including random and fast varying are proposed to be the guidance on designing structure -varying systems, and a simple state-driven changing mechanism is given as an example. Experiment results show that SVDCCM has complex chaotic behaviors, good statistical properties, and high unpredictability. Its security when facing various attack challenges is also demonstrated, such as time-frequency attacks, phase space reconstruction attacks, change-point detection, etc. To illustrate its feasibility in the practical security application, a pseudo-random number generator (PRNG) based on SVDCCM is designed and implemented on the hardware platform. Performance tests indicate that the proposed PRNG can produce binary sequences with high reliability of randomness and unpredictability, which can be used in cryptosystems and other potential applications.