A major concern people may have is whether
Architecture I can achieve better survivability when the
Intrusion Detector is limited and whether the gained
survivability, if any, is worth the corresponding
performance degradation. To justify the cost-effectiveness
of Architecture I, we have implemented a prototype of
Architecture I on top of an Oracle database server. Our
evaluation results suggest that when the performance of the
Intrusion Detector is reasonable, Architecture I can
effectively locate and repair damage on-the-fly with a
reasonable amount of performance degradation (around
30%) [47].