Improvements in networking technologies have provided users with useful information services. Such information services may bring convenience and efficiency, but might be accompanied by vulnerabilities to a variety of attacks. Therefore, a variety of research to enhance the security of the systems and get the services at the same time has been carried out. Especially, research on intrusion-tolerant systems (ITSs) has been conducted in order to survive against every intrusion, rather than to detect and prevent them. In this paper, an ITS based on effective resource conversion (ERC) is presented to achieve the goal of intrusion-tolerance. Instead of using the fixed number of virtual machines (VMs) to process requests and recover as in conventional approaches, the ITS based on ERC can transform the assigned resources depending on the system status. This scheme is proved to maintain a certain level of quality of service (QoS) and quality of security service (QoSS) in threatening environments. The performance of ERC is compared with previous studies on ITS by CSIM 20, and it is verified that the proposed scheme is more effective in retaining a specific level of QoS and QoSS.