I also imagine (without data) that most DoS attacks continue to be performed by botnets, using other people's connections, rather than directly by their ultimate perpetrators. So, the most effective and meaningful mitigation would be trying to clean up bots, and prevent ongoing bot infections, rather than cutting off suspected or actual perpetrators.
I realize that's much easier said than done!
