An intrusion tolerant system (ITS) is a network security system composed of redundant virtual servers that are online only in a short time window, called exposure time. The virtual servers are periodically recovered to their clean state, and any infected servers are refreshed again, so attackers have insufficient time to succeed in breaking into the servers. However, there is a conflicting interest in determining exposure time, short for security and long for performance. In other words, the short exposure time can increase security but requires more virtual servers to run to process incoming requests in a timely manner. In this dissertation, we propose an ITS incorporated in SDN (Software Defined Networking), which can reduce exposure time without consuming more computing resources. In the proposed system, there are two types of servers: some servers with long exposure time (White server) and others with short exposure time (Gray server). Then, the proposed system classifies incoming network traffic into benign and suspicious types with the help of SDN/NFV (Network Function Virtualization) technology that also allows dynamically forwarding the classified traffic to White and Gray servers, respectively. By reducing exposure time of a set of servers, the proposed system can decrease exposure time on average.