Aiming at the growing threat of distributed denial of service (DDoS) attacks under the rapid popularization of IPv6, this study proposes a two-stage DDoS defense mechanism, including a pre-detection stage to real-time monitor the early appearance of DDoS attacks and a deep-detection stage to accurately filter DDoS traffic after an alarm. First, the IPv6 traffic format is analyzed and the hexadecimal header fields are extracted from PCAP capture files as detection elements. Then, in the pre-detection stage, a lightweight binary convolutional neural network (BCNN) model is introduced and a two-dimensional traffic matrix is designed as model input, which can sensitively perceive the malicious situation caused by mixed DDoS traffic in the network as evidence of DDoS occurrence. After the alarm, the deep-detection stage will intervene with a one-dimensional convolutional neural network (1DCNN) model, which can specifically distinguish the mixed DDoS packets with one-dimensional packet vector as input to issue blocking policies. In the experiment, an IPv6-LAN topology is built and the proposed pure IPv6-DDoS traffic is generated by replaying the CIC-DDoS2019 public set through NAT 4to6. The results show that the proposed mechanism can effectively improve response speed, detection accuracy, and traffic filtering efficiency in DDoS defense. When DDoS traffic only takes 6% and 10% of the total network, BCNN can perceive the occurrence of DDoS with 90.9% and 96.4% accuracy, and the 1DCNN model can distinguish mixed DDoS packets with 99.4% accuracy at the same time.