The goal when ddos'ing nodes is to first set up many nodes yourself, then ddos the other nodes, so you can then have a control of big enough percentage of the nodes so you can spy the transactions with good enough success.
Again, since transactions are fragmented into small pieces and then sent through the network, this attack would not be effective. The attacker could try to spy the network, but the
truth of the matter is that the remaining good nodes are still going to end up handling the transactions, however few they may be. But again, since every single wallet is a node, I just don't see this attack being feasible.
How can you tell which nodes are good and which nodes are spying? You can't.