The rapid technological improvements in modern Internet infrastructures have had considerable influence on our daily lives. Valuable and confidential information is arising over the network and various services using Web applications have penetrated all aspects of the lives of people. ITSs (Intrusion Tolerant Systems) have been proposed to ensure seamless service delivery and real-time service under the sophisticated and advanced attacks. To achieve enhanced intrusion tolerant, we proposed hybrid recovery-based ITS to maintain a critical service in various attacks. The proposed ITS utilizes hybrid recovery (proactive recovery an reactive recovery) and dynamic cluster resizing. The hybrid recovery operates the recovery process both proactive and reactive ways for the system to gain shorter exposure times and higher success rates. The reactive recovery to complement the proactive recovery is effective in reacting to a stealthy resource exhaustion attack such as the application-layer DDoS attack. The dynamic cluster resizing reduces the overhead of the system that occurs from dynamic workload fluctuation, and mitigate the volumetric DDoS attacks. Using the CloudSim simulator, the performance of proposed ITS offers ensures high availability and reliability for the various workloads, even under attacks. Moreover, to prove the feasibility and superiority of the performance of proposed ITS, we implemented a prototype based on Docker (container-based virtualization) and tested it with an attack using real vulnerability.