Recently, as IT and Internet technology are rapidly developed, information systems are threatened by advanced and sophisticated attacks. One way to support the availability of the systems is an intrusion tolerant system (ITS), which can maintain its critical services under various attacks. In this study, a new ITS based on live migration is proposed for efficiency and resilience against a denial of service (DoS) attack. While conventional ITSs focus on only the exposure time of virtual machines (VMs) to refresh them, the proposed system introduces to use the features of VMs by live migration in addition to the exposure time. In the propose scheme, the system consists of several VMs, and is refreshed periodically and by the live migration. The live migration is one of refreshing methods, which monitors various features of the VMs in order to identify exhausted VMs and refreshes the exhausted VMs into the pristine VMs regardless of expiring the exposure time. The proposed scheme using the live migration provides efficient performance because the system can respond to requests by healthy VMs. Due to monitoring the status of VMs, the system is able to identify exhausted VMs and replace them with new ones easily at the proper time to continue the required services. In addition, for the efficiency and survivability of system, the proposed scheme has the ability to adjust the number of online VMs according to the amount of incoming packets, through which the system can obtain the countermeasure against a DoS attack. To show the efficient performance and security against DoS, the experiments are conduct by CSIM20, which is a process-oriented, discrete-event simulator. We measured the response times of the proposed system and the original system without our proposed scheme. The experimental results with CSIM20 show that our proposed scheme, compared to the recently reported ITS scheme, improves the system performance of 43.77% in terms of the response time in heavy net...