Packet flood detection tracks wireless management frames the AP can hear. This includes, but is not limited to, beacons, probe requests, probe responses, association requests, etc. This information is meant to identify devices that are spamming the network with management traffic (either intentionally or unintentionally). When a certain threshold of the 12 different frame types we monitor is hit in a given amount of time, a flood is triggered. You're taking the right approach of blocking the MAC; however, some attacks, especially with something like a WiFi Pineapple, need additional research methods to find the source device and location.
In my experience it is much easier tracking down non-malicious than malicious. The device in a malicious attack tends to move and easily evade. Packet captures can be key in tracking any of these floods down; some are persistent, others are sporadic.
If others in the community have experience, please chime in.
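The threshold-in-a-time-window idea described in the post, applied to a packet capture summary, as an added example that is not part of the original post and not the vendor's detection code. The threshold (50 frames), window (1 second), subtype subset, MAC addresses and sample frames are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

# Standard 802.11 management subtypes. Which 12 types the AP monitors is not
# stated in the post, so this subset is an assumption.
MGMT_SUBTYPES = {0: "assoc-req", 1: "assoc-resp", 2: "reassoc-req",
                 4: "probe-req", 5: "probe-resp", 8: "beacon",
                 10: "disassoc", 11: "auth", 12: "deauth"}

def detect_floods(frames, threshold=50, window=1.0):
    """frames: (timestamp_s, source_mac, mgmt_subtype) tuples sorted by time.
    Returns one (time, mac, frame_type, count) alert per burst that reaches
    `threshold` frames of one type from one source within `window` seconds."""
    recent = defaultdict(deque)   # (mac, subtype) -> timestamps inside window
    flooding = set()              # keys currently over threshold
    alerts = []
    for ts, mac, subtype in frames:
        if subtype not in MGMT_SUBTYPES:
            continue
        key = (mac.lower(), subtype)
        seen = recent[key]
        seen.append(ts)
        while ts - seen[0] >= window:      # expire frames outside the window
            seen.popleft()
        if len(seen) < threshold:
            flooding.discard(key)          # burst over; re-arm for the next one
        elif key not in flooding:
            flooding.add(key)
            alerts.append((ts, key[0], MGMT_SUBTYPES[subtype], len(seen)))
    return alerts

def sample_frames():
    """Constructed capture summary: one AP beaconing normally and one source
    sending two short probe-request bursts 15 seconds apart."""
    frames = [(i * 0.1024, "02:00:00:00:00:01", 8) for i in range(300)]
    for start in (5.0, 20.0):
        frames += [(start + i * 0.005, "02:00:00:00:00:99", 4) for i in range(200)]
    return sorted(frames)

if __name__ == "__main__":
    for alert in detect_floods(sample_frames()):
        print("flood at %.3fs from %s: %d %s frames in window" % (
            alert[0], alert[1], alert[3], alert[2]))
```

Because each burst produces its own alert with a timestamp, the output separates a persistent source (one long-running alert) from a sporadic one (repeated alerts), which helps decide when to capture near a suspected location.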