Abstract:
Software delivery has shifted from shipping products to operating web services and applications, which security operation centers (SOCs) must protect against ubiquitous cyber attacks. Large numbers of security alerts are generated every day and have to be processed efficiently and correctly to identify potential threats. Many AIOps (artificial intelligence for IT operations) approaches have been proposed to (semi-)automate the inspection of alerts and reduce manual effort as far as possible. However, because attacks keep growing in complexity, a significant amount of manual work is still required in practice to ensure correct analysis results. In this paper, we propose a Context-Aware cLustering approach for cLassifying sEcurity alErts (CALLEE), which fully exploits the rich relationships among alerts in order to precisely identify similar alerts, significantly reducing the workload of the SOC. Specifically, we first design a core conceptual model that captures the connections among security alerts, and on that basis we build corresponding heterogeneous information networks. Next, we systematically design a set of meta-paths that profile typical alert scenarios precisely and yield a representation of each security alert. We then cluster security alerts by their contextual similarity, considering the tradeoff between the number of clusters and the homogeneity of each cluster. Finally, security operators only need to inspect a limited number of alerts within each cluster manually, which reduces their workload while preserving the accuracy of alert classification. To evaluate the effectiveness of our approach, we collaborate with our industrial partner and apply the approach to a real alert dataset. The results show that our approach can reduce the workload of the SOC by 99.76%, outperforming baseline approaches.
In addition, we investigate the integration of our proposal with the real business scenario of our industrial partner. Feedback from practitioners shows that CALLEE is applicable and helpful in industrial settings. © IEEE.
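The abstract describes a pipeline (alert context as a heterogeneous information network, meta-path similarity, clustering, per-cluster inspection) without showing it. The following is an added illustration written for this record, not code from the CALLEE paper or its authors. It assumes a handful of constructed alerts with four context attributes, uses Alert-X-Alert meta-paths scored with PathSim (Sun et al., 2011) under analyst-chosen weights, joins alerts by single-linkage at a similarity threshold, and reports the homogeneity/cluster-count tradeoff and the resulting workload reduction. The attribute names, weights, meta-paths and verdict labels are all assumptions for the example; the paper's conceptual model and meta-path set are richer than this.

```python
from collections import defaultdict
from itertools import combinations

# Constructed sample alerts (not the paper's dataset). Each attribute value is a
# node in a heterogeneous information network; a multi-valued attribute such as
# "technique" links an alert to several neighbour nodes.
ALERTS = {
    "a1": {"src_ip": {"10.0.0.5"}, "type": {"SQLi"}, "host": {"web-1"}, "technique": {"T1190", "T1059"}},
    "a2": {"src_ip": {"10.0.0.5"}, "type": {"SQLi"}, "host": {"web-1"}, "technique": {"T1190"}},
    "a3": {"src_ip": {"10.0.0.5"}, "type": {"SQLi"}, "host": {"web-2"}, "technique": {"T1190", "T1059"}},
    "a4": {"src_ip": {"203.0.113.9"}, "type": {"BruteForce"}, "host": {"vpn-1"}, "technique": {"T1110"}},
    "a5": {"src_ip": {"203.0.113.9"}, "type": {"BruteForce"}, "host": {"vpn-1"}, "technique": {"T1110"}},
    "a6": {"src_ip": {"198.51.100.2"}, "type": {"PortScan"}, "host": {"db-1"}, "technique": {"T1046"}},
}

# Meta-paths of the form Alert -> X -> Alert, with assumed analyst-chosen weights
# (the weights sum to 1 so the combined similarity stays in [0, 1]).
META_PATHS = {"src_ip": 0.4, "technique": 0.3, "type": 0.2, "host": 0.1}


def path_count(alerts, ntype, a, b):
    """Number of Alert-X-Alert path instances between a and b: one per shared X node."""
    return len(alerts[a][ntype] & alerts[b][ntype])


def pathsim(alerts, ntype, a, b):
    """PathSim: path instances between a and b, normalised by the self-paths of each."""
    denom = path_count(alerts, ntype, a, a) + path_count(alerts, ntype, b, b)
    return 2.0 * path_count(alerts, ntype, a, b) / denom if denom else 0.0


def similarity(alerts, a, b):
    """Contextual similarity: weighted sum of PathSim over all meta-paths."""
    return sum(w * pathsim(alerts, ntype, a, b) for ntype, w in META_PATHS.items())


def cluster(alerts, threshold):
    """Single-linkage clustering: two alerts share a cluster when joined by a
    chain of pairs whose similarity is at least `threshold` (union-find)."""
    parent = {a: a for a in alerts}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]
            x = parent[x]
        return x

    for a, b in combinations(sorted(alerts), 2):
        if similarity(alerts, a, b) >= threshold:
            parent[find(a)] = find(b)
    groups = defaultdict(list)
    for a in sorted(alerts):
        groups[find(a)].append(a)
    return sorted(groups.values())


def homogeneity(alerts, clusters):
    """Mean intra-cluster pairwise similarity; a singleton counts as perfectly homogeneous."""
    scores = []
    for c in clusters:
        pairs = list(combinations(c, 2))
        scores.append(sum(similarity(alerts, a, b) for a, b in pairs) / len(pairs) if pairs else 1.0)
    return sum(scores) / len(scores)


def workload_reduction(n_alerts, clusters, per_cluster=1):
    """Share of alerts the operator no longer inspects when checking `per_cluster` alerts per cluster."""
    inspected = sum(min(per_cluster, len(c)) for c in clusters)
    return 1.0 - inspected / n_alerts


def triage(clusters, verdicts):
    """Propagate the operator's verdict on each cluster's first alert to every member of that cluster."""
    return {a: verdicts[c[0]] for c in clusters for a in c}


if __name__ == "__main__":
    # Sweep the threshold to expose the cluster-count vs. homogeneity tradeoff.
    for t in (0.75, 0.85, 0.95):
        cs = cluster(ALERTS, t)
        print(f"threshold={t}: {len(cs)} clusters, homogeneity={homogeneity(ALERTS, cs):.3f}, "
              f"workload reduction={workload_reduction(len(ALERTS), cs):.2%}")
    chosen = cluster(ALERTS, 0.85)
    # Operator labels one representative per cluster (constructed verdicts).
    print(triage(chosen, {"a1": "true_positive", "a4": "true_positive", "a6": "benign"}))
```

Lowering the threshold merges more alerts and raises the workload reduction, but single-linkage can chain loosely related alerts into one cluster (here a2 joins a1 and a3 through a1 even though a2-a3 alone scores lower), which is exactly the homogeneity loss an operator must weigh against the savings; the paper reports the tradeoff on its industrial dataset rather than a fixed threshold.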
Source :
IEEE Transactions on Software Engineering
ISSN: 0098-5589
Year: 2024
Issue: 1
Volume: 51
Page: 153-171
ESI Highly Cited Papers on the List: 0