In the centralized network control environment of Software-Defined Network (SDN), the problem of a single point of failure exists in the controlling plane. In order to solve the problem, a kind of controller architecture was proposed based on intrusion tolerance ideology to improve the availability and reliability of network by using the redundant and diverse central controller platform. In the proposed architecture, the intruded controllers were detected by comparing their messages. Firstly, the key message types and fields needing to be compared were defined. Then, different controller messages were compared using a consistency judgement algorithm. Finally, the controllers with abnormal messages would be isolated and restored. The Mininet-based intrusion tolerance reliability test demonstrated that the controller architecture based on intrusion tolerance could detect and filter the abnormal controller messages. The Mininet-based response-delay test showed that the requirement-delay of underlying network increased by 16% and 42% while the tolerance degree was 1 and 3 respectively. In addition, the Cbench-based response-delay and throughput tests showed that the performance of the intrusion tolerance controller lay among the subsidiary controllers, such as Ryu and Floodlight, and approached the advanced one. In practical application, the quantity and type of the subsidiary controllers can be configured according to the security level of application scenarios, and the proposed intrusion tolerance controller can satisfy the application requirements of response rate and intrusion tolerance degree.