Re: OK, so the dystopian-but-realistic solution is...
A DDoS is hard to spot at the source end, but is pretty unmistakable at the target end (that's rather the idea, after all). The idea would be something like this: A DDoS target notifies their ISP, who analyzes the attack pattern, then starts back-tracing the source addresses of incoming attack packets and reporting them to participating source ISPs, who then filter or disconnect the originating addresses. A significant percentage of inbound traffic to the target will be malicious in a DDoS, so it's not such a needle-in-haystack proposition if you're the destination ISP.
Other ISPs could conceivably be triggered to get into the act by logging source addresses sending to the affected targets, filtering out the legitimate players, and dealing with the rest.
This is not a simple endeavor by any means, and it would definitely require careful automation, but if properly implemented it could nobble many DDoS attacks and deprive them of effect. Even if you don't actively disconnect attack sources, but simply throttle their traffic to the target, a DDoS could be mitigated to the point where it becomes not worth the trouble.
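Added example, not part of the original comment: the destination-ISP step described above, grouping high-volume senders to the target by originating ISP so each ISP can be sent a throttle request. The flow records, prefix-to-ISP map, allowlist and threshold are constructed assumptions, and the code assumes source addresses are not spoofed.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (source IP, packets sent to the target in one window).
FLOWS = [
    ("198.51.100.10", 90000),
    ("198.51.100.11", 85000),
    ("203.0.113.5", 60000),
    ("203.0.113.5", 60000),    # same source seen on a second link
    ("203.0.113.77", 40),      # ordinary low-rate client
    ("192.0.2.20", 70000),     # heavy but known-legitimate sender
    ("192.0.2.99", 15),
]
# Hypothetical prefix-to-ISP map; a real deployment would use routing data.
ISP_PREFIXES = {
    "198.51.100.0/24": "isp-a.example",
    "203.0.113.0/24": "isp-b.example",
    "192.0.2.0/24": "isp-c.example",
}
ALLOWLIST = {"192.0.2.20"}     # the "legitimate players" filtered out first


def isp_for(addr, prefixes=ISP_PREFIXES):
    """Return the ISP responsible for addr, or 'unknown' if unmapped."""
    ip = ipaddress.ip_address(addr)
    for prefix, isp in prefixes.items():
        if ip in ipaddress.ip_network(prefix):
            return isp
    return "unknown"


def build_reports(flows, threshold, allowlist=ALLOWLIST):
    """Aggregate per-source volume, drop legitimate and low-rate sources,
    and group the rest into one report per originating ISP."""
    totals = defaultdict(int)
    for src, packets in flows:
        totals[src] += packets
    reports = defaultdict(list)
    for src, packets in sorted(totals.items()):
        if src in allowlist or packets < threshold:
            continue
        # Throttling, rather than disconnecting, is the milder option the post suggests.
        reports[isp_for(src)].append(
            {"source": src, "packets": packets, "action": "throttle"})
    return dict(reports)


if __name__ == "__main__":
    for isp, entries in build_reports(FLOWS, threshold=1000).items():
        print(isp, entries)
```
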