Substantiating Anomalies in Wireless Networks Using Outlier Detection Techniques
Primary Supervisor
Muthukkumarasamy, Vallipuram
Other Supervisors
Denhe, Frank
Abstract
With the increasing dependence on Wireless Local Area Networks (WLANs), businesses and educational institutions are in real need of a robust security mechanism. The latest WLAN security protocol, IEEE 802.11i, assures rigid security for wireless networks with the support of the IEEE 802.1X protocol for authentication, authorization and key distribution. Nevertheless, users remain skeptical since they lack confidence in the practical trustworthiness of these security mechanisms.
In this research we propose a novel Early Warning System (EWS), built on the foundations of the IEEE 802.11i security architecture. Our proposed system can effectively detect anomalies, substantiate them, and also identify the basis for such malicious behavior. It has a number of levels of defense to scrutinize malicious behaviors of the wireless network, caused by a range of factors including security issues. Security alerts will be raised only when the legitimacy of abnormal conditions is validated using effective outlier-based substantiation techniques.
Timing anomalies can occur due to various conditions, including security vulnerabilities in the wireless environment. Hence, detecting and analyzing such anomalies may lead to significant advancement towards the detection of misbehaving wireless hosts. With this in view, we have discussed the effectiveness of monitoring and analyzing round-trip timing values between each request and response message during the authentication process of wireless hosts.
Further, to enhance the capabilities of our detection mechanism, we have also considered the effect of behavioral anomalies of the wireless hosts. Every wireless host that tends to connect to the wireless network exhibits a particular behavior. This behavior may vary depending on a number of issues, including security vulnerabilities. Hence, in this study we have discussed the use of behavioral analysis for detecting abnormal conditions. We have used the standard theoretical/practical behavior profiles, developed using a software model of the wireless hosts, as a reference against which to compare the actual behavior during a specific authentication process.
Thesis Type
Thesis (PhD Doctorate)
Degree Program
Doctor of Philosophy (PhD)
School
School of Information and Communication Technology
Rights Statement
The author owns the copyright in this thesis, unless stated otherwise.
Item Access Status
Public
Subject
Wireless Local Area Networks
WLANs
IEEE 802.11i
Timing anomalies
Security alerts