If the witness is attacked by DDOS, and the 12 witnesses are attacked and unable to issue witness blocks, what shall we do? Does byteball's network stop? Will it be as unsafe as DPOS?
Witnesses are likely hidden with TOR so you won't be able to find them even with the complicity of the hub they are connected to. In the case you still managed to find their IP, you would need a huge DDOS power to take all them down since they are hosted all around the world on several networks all having their own DDOS protections.
Is it safer to have 100 witness than just 12? Would more resources (block size) be required if there is more witness?
The choice of 12 witnesses is explained in whitepaper:
We require that the number of witnesses is exactly 12. This number 12 was selected because:
it is sufficiently large to protect against the occasional failures of a few witnesses (they might prove dishonest, or be hacked, or go offline for a long time, or lose their private keys and go offline forever)
it is sufficiently small that humans can keep track of all the witnesses to know who is who and change the list when necessary
the oneallowed mutation is sufficiently small compared with the 11 unchanged witnesses.
100 witnesses would require too much much work for an individual to investigate about each witness and determinate if he can be trusted or not.