the bottleneck question remains unanswered.
just to give it one more try:
do you do dynamic routing as in ospf/bgp?
if yes: why not propagate a blackhole route
for the offending source ips to your upstream isp and let them deal with it?
(remember to flush offenders list after some time, otherwise you might make it way worse)
if your isp won't allow you to talk bgp/ospf:
why not rent 1 or 2 cheap vservers w/ unlimited traffic (cheaper than idps licensing), set up (open)vpn between local firewall and vservers; set up dns round-robin TBT to vservers, get a new fiber public ip (unknown to bad boys) and do the null routing via (open)vpn client routes pushed to vservers? https://www.leaseweb.com/en
is a good netherlands-based isp for such things. 5eur/month vservers, 50eur/month cdn. cheaper offers will most likely also exist someplace else.
better answers will also most likely exist ... once the actual problem / bottleneck has been identified and communicated.
(a network topology map would probably also help, big time)
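
The "flush offenders list after some time" caveat from the post above, as an added example (not code from the post or from any product it mentions): an offender list that expires null routes after a TTL and refuses protected or malformed addresses. The class name, TTL, entry cap and protected prefix are assumptions; the iproute2 commands are only returned as strings, and how they reach the upstream or the vservers is left out.

```python
import ipaddress


class OffenderList:
    """Tracks null-routed offender IPs and withdraws them after `ttl` seconds."""

    def __init__(self, ttl, protected, max_entries=1000):
        self.ttl = ttl                  # seconds an offender stays null-routed (assumed value)
        self.max_entries = max_entries  # cap so a spoofed flood cannot grow the table unbounded
        self.protected = [ipaddress.ip_network(n) for n in protected]
        self.expiry = {}                # ip -> time at which the route is withdrawn

    @staticmethod
    def _cmd(action, ip):
        family = "ip -6" if ip.version == 6 else "ip"
        return f"{family} route {action} blackhole {ip}/{ip.max_prefixlen}"

    def add(self, ip_text, now):
        """Return the route command to run, or None if nothing should change."""
        try:
            ip = ipaddress.ip_address(ip_text.strip())
        except ValueError:
            return None                 # log-parser garbage never reaches a route command
        if any(ip in net for net in self.protected):
            return None                 # never null-route our own or trusted ranges
        known = ip in self.expiry
        if not known and len(self.expiry) >= self.max_entries:
            return None
        self.expiry[ip] = now + self.ttl  # a repeat offender only extends its timer
        return None if known else self._cmd("add", ip)

    def flush_expired(self, now):
        """Drop entries whose TTL has passed and return the withdraw commands."""
        expired = sorted((ip for ip, t in self.expiry.items() if t <= now),
                         key=lambda ip: (ip.version, int(ip)))
        for ip in expired:
            del self.expiry[ip]
        return [self._cmd("del", ip) for ip in expired]


if __name__ == "__main__":
    # Constructed sample: documentation-range addresses, timestamps in seconds.
    offenders = OffenderList(ttl=600, protected=["198.51.100.0/24"])
    for ts, src in [(0, "203.0.113.7"), (300, "203.0.113.7"), (310, "198.51.100.1")]:
        print(ts, src, offenders.add(src, now=ts))
    print(900, offenders.flush_expired(now=900))
```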