1) The document describes a study on using density k-means clustering to analyze logs and detect denial of service attacks. Logs are clustered into three danger levels: low, medium, and high.
2) The density k-means algorithm was tested on a dataset of 11.3 million logs from a victim server under attacks. The clustering resulted in two clusters corresponding to medium and high danger levels.
3) The results were verified against original log files, which confirmed attacks on ports 21 and 443, corresponding to the detected LOIC and FTP brute force attacks.