One type of security risk faced by businesses and other entities operating on the internet is the possibility that attackers may target their online presences, and disrupt their capabilities to deliver online services. A common form of attack in this regard is known as a denial-of-service (DoS) attack, which is generally an attack that aims to make a server or other network resource unavailable to its intended users. DoS attacks are often carried out by botnets that have infiltrated many different network endpoints (e.g., client computing devices), and that exploit the endpoints to simultaneously flood a target server with thousands, or even millions, of communication requests. The extreme volume of requests can overload the ability of the server to respond to legitimate web traffic, or can at least impair the server's response time to such a degree that it becomes effectively non-responsive. In some cases, DoS attacks can be particularly effective by flooding a target server with requests to initiate web transactions that are known to be computationally expensive. For example, e-commerce websites often allow users to maintain a shopping cart of items that they may purchase. Adding and removing items from a cart can be computationally expensive due to significant backend processing performed by the server before a response is generated. Some attackers have exploited the shopping cart, and other expensive transactions, to carry out successful DoS attacks. The consequences of DoS attacks can be significant for targets of the attack, who may suffer financial loss as a result of the attack (e.g., from lost sales that would have occurred while its online services were unavailable), and who may even be harmed in the longer-term after an attack has occurred due to negative perceptions of the target's services as insecure or unreliable.