Wi-Fi hotspot or Access point indicates many threats that lead to compromise a user’s identity, personal data, and network integrity. Therefore, this will uncover the users to the adversaries who deploy Rogue Access Point (RAP) by purpose to pilfer sensitive information. Hence, the adversaries can exchange the communication anonymously or mimic it as a client to pose a threat to public safety. The research aims to propose a new approach based on the beacon frame anomaly to detect the threats of RAP in the Wi-Fi hotspot. This research uses dual-pass identification steps to detect the RAP to identify the anomalies between the first and second responses. First, the identification will check the AP legitimacy to uncover the true identity of an AP. Second, the connection type of RAP is necessary to identify once the AP is determined as a rogue. The five (5) features have been selected in this research: the beacon response, OUI Number, address 1-4, retry bit, and IBSS status. The combination of all the features was 100% successfully detected the presence of RAP and identify its connection source.