Chaos-Based Detection of Malicious Links Using Lyapunov Exponents and Entropy

Malicious websites continue to pose severe risks to internet security, often evading static defenses through URL obfuscation, polymorphism, and adaptive payload delivery. While recent research has shown that neural networks trained on URL sequences can achieve high accuracy in detecting phishing and malware domains, such methods remain inherently vulnerable to runtime evasions that leave URLs syntactically benign. In this paper, we introduce a novel chaos-theoretic framework for malicious link detection that shifts the focus from static URL features to the \emph{dynamical behavior} of web pages. By modeling the browsing process as a nonlinear dynamical system, we compute the largest Lyapunov exponent from runtime telemetry (CPU, memory, DOM activity, and script execution) and complement it with a finite time divergence entropy inspired by Kolmogorov -Sinai entropy. Positive values of either measure reliably indicate instability and malicious intent. Comparative analysis against state of the art neural network methods highlights the novelty and efficacy of our approach: whereas deep models excel in large-scale lexical detection, our framework captures runtime instability and unpredictability that such models cannot observe. Experiments on benign and malicious datasets demonstrate clear separation between classes, establishing chaos based dynamics as a principled and complementary tool for advancing cybersecurity.