Apparently since I last looked into it, "Protected Management Frames" from 802.11w are a bit better supported (in non-professional APs), which solve this issue by not allowing "anonymous" deauthentication. (requires support on both clients and AP though)
You of course can monitor for deauthentication packets, but unless you know when/if your AP is sending them during normal operation you can't make sure that an individual occurrence is an attack or not. If someone floods them, it's easier to tell of course.
If you want to protect individual traffic in a network you have to share access/are worried about passwords getting lost, the best solution is to go to WPA2 Enterprise with per-device credentials. On CCC-run hacker events they even use it for the "open" WLAN, and just accept any username and password.
You of course can monitor for deauthentication packets, but unless you know when/if your AP is sending them during normal operation you can't make sure that an individual occurrence is an attack or not. If someone floods them, it's easier to tell of course.
If you want to protect individual traffic in a network you have to share access/are worried about passwords getting lost, the best solution is to go to WPA2 Enterprise with per-device credentials. On CCC-run hacker events they even use it for the "open" WLAN, and just accept any username and password.