Wi-Fi technology has seen rapid growth in the last two decades. It has revolutionized the way we access the Internet. However, they are vulnerable to Denial of Service attacks, Encryption Cracking, and Rogue Access Points etc. In this manuscript, our focus is on Evil Twin Attack, the most common type of Rogue Access Point (RAP). An evil twin AP lures client(s) into connecting to it, disguising itself as a genuine AP by spoofing its MAC address and SSID (Service Set IDentifier). Once a client is connected to the evil twin AP, the attacker can spy on its communication, re-direct client(s) to malicious websites, compromise credentials. Whitelisting AP(s), timing based solutions, patching AP/client etc., are some existing methods to detect evil twin AP(s) in a network. However, practically methods demand comprehensive set up and maintenance, they suffer from scalability and compatibility issues. Some even require protocol modifications, thus making it expensive and practically infeasible in a large scale network with no proof of correctness. To address these issues, we propose a Discrete Event System (DES) based approach for Intrusion Detection System (IDS) for evil twin attacks in a Wi-Fi network.