Today everyone has to use a CDN to even try to defend against such attacks; and all they do is bulk filter the attack out while degrading the end user transparency of the service. Under 'load' some websites have to load an active filter page and execute code on the clients to authenticate that it's a valid client, rather than an attacker.
The proper solution is to identify compromised devices and isolate them from the Internet. For hosts under attack to use a side channel to the ISPs routing the packets to ask them: "Please do not send anything from X to me for a bit; unless they satisfy to you that a user is in control." The request should be 'signed' by an end user key, authenticated by their ISP, and filtering should begin at the edge of that ISP. If they feel it necessary, they too can send a request to their ISP. Until this escalates to the backbones. Then it can press further back, down to the compromised node. That would allow infected end users to be quarantined, informed, allowed to download security updates and some other limited website interactions (manufacturer websites for updated firmware, some after-market firmware sites/tool sites like OpenWRT/DD-WRT/Linux distros, etc).
Fix the DDoS issue, also fix the home upload bandwidth issue, and you too can host your own family photos/videos.
The “home upload bandwidth issue” is “it's not a thing consumers demand, and we have business-class service for people who do have a need forit.”
I'm not sure what there is to solve...
Not possible without investing literally dozens of billions of dollars into laying fiber - and no matter where you look, actual physical infrastructure like roads, bridges and public transport is outright decaying so where should that money come from, and where in the world do enough actual digging crews exist to lay all that fiber.
DSL simply is physically unable to do symmetric high speed and for coax/cable-tv internet there always remains the problem of oversubscription.
This is the core fuck up of our time.
People don't usually use much upload and providers don't want you to upload, so you get lower upload speeds vs. download speeds, even in hardware and standards.
There is a mechanism for amending the constitution of the United States if enough people want to elect representatives to force other people to pay for their upload bandwidth.
Military spending is a different bucket. If you object to Military Spending (and I do, as you appear to do), take it up over at the counter of not-false-equivalences.
I'm not in the US. We have our own problems here in Australia. We did all pay for IT infrastructure but the government completely fucked it up as expected.