Hi,
DDoS for subscribers depends on the type of access mode where B-RAS(as edge) is deployed into. If its open network (like airport/malls..etc), or if the access network is multiplexed from many sub-providers. the DDoS for subscriber is tuned to aggressive value.
If your access side of network is well protected with border/edge firewalls and where B-RAS deployed for home/office/residence boardband subscribers), you should stick with default DDoS settings that pretty much does the job which ratelimits/polices high incoming flows when it hits default peak rate for given protocol (in DDoS). Also, on top DDoS, from JUNOS 15.1 onwards, we have another lite weight protection function call ERA( Event Rate Analyzer) which turned ON by-default giving to enough protection against high incoming frames. More on what ERA is or does, check my post here: https://forums.juniper.net/t5/Junos/jdhcpd-era-discover-log-what-is-it-for/m-p/323735#M12783
And ofcourse, if at any point, if operator suspect control packet drops or high inflow taking CPU resource due to possible DDoS, you can tune DDoS for given protocol based on avtive pps inflow.