Per Cisco, NTP DOS attacks are mitigated in IOS that support NTPv4; All other versions of Cisco software are affected. see details here
"There are no workarounds other than disabling NTP on the device".
Easy way is to disable NTP service; Cisco doc says that Network Time Protocol services are disabled on all interfaces by default. But it can be enabled globally when you enter any NTP command. So, You can choose to disable completely or selectively ntp disable command.
ntp disable will prevent NTP packets from being received on specific interface.
if disabling NTP is not an option, there are 2 ways to secure it: NTP access group and NTP authentication.
NTP access group is like ACL for NTP. it allows you to permit or deny access to network, a subnet, or a host. There are several options for this ntp access-group command. see configuration guide.
NTP authentication is about process of synchronization using MD5. Basically, NTP authentication lets your define your trusted time source(s) and preventing you from synchronizing with unauthenticated and unconfigured network peers.
Here are link about DDOS attack in NTP and a summary of preventions
There might be 2 NTP vulnerabilities discovered. first one in 2009, then 2014. See under "Restrictions for Network Time Protocol" in https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/bsm/configuration/15-mt/bsm-15-mt-book/bsm-time-calendar-set.html
or 2nd one updates 1st one and gives u some option to fix it.