RFC 3514 (dated Apr 1, 2003) defines the new security flag in the IPv4 header.
Firewalls, packet filters, intrusion detection systems, and the like often have difficulty distinguishing between packets that have malicious intent and those that are merely unusual. We define a security flag in the IPv4 header as a means of distinguishing the two cases.