Wander around with netstumbler, and monitor the strength of the evil network. Once you've actually located the person you can:
a) complain to their mom
b) move your access point to where it's out of their range
c) setup a malicious network of the same name with and perform MITM attacks on them (sslstrip, sslsplit, dsniff, malicious nameserver, redirect them to a copy of someone elses drive-by-0day page)
If they run the deauth attack more than once (it only has to be run once), they're fairly unlikely to succeed unless given serious help (like changing the network encryption to wep).