Understanding the Difference between Server Overload and DoS/DDoS
The difference is intent.
In the normal overload case, your server has perhaps become very popular and is receiving a huge number of legit requests. (E.g. front page of digg/slashdot.)
In a (D)DoS, the attacker is intentionally trying to overload your server. So the attacker would design the attack in a way that would defeat certain mitigation strategies — especially taking advantage of the application(s) running on the server in order to consume either excess bandwidth, CPU, etc.
A lot would depend on your application, but as a simple example: A mitigation strategy designed to withstand simply “being slashdotted”, say by serving a static copy of your front page, could be easily defeated by generating tons of requests for deep pages, or for your search functionality, or for a large file, or by hitting your CAPTCHA image generator particularly hard.