The large-scale wireless sensing data collected from wireless networks can be used for detecting intruders (e.g., enemies in tactical fields), and further facilitating real-time situation awareness in Army's network-centric warfare applications such as intrusion detection, battlefield protection and emergency evacuation. In this work, we focus on exploiting Received Signal Strength (RSS) obtained from the existing wireless infrastructures for performing intrusion detection when the intruders or objects do not carry any radio devices. This is also known as passive intrusion detection. Passive intrusion detection based on the RSS data is an attractive approach as it reuses the existing wireless environmental data without requiring a specialized infrastructure. We propose a clustering-based learning mechanism for passive intrusion detection in wireless networks. Specifically, our detection scheme utilizes the clustering method to analyze the changes of RSS, caused by intrusions, at multiple devices to diagnose the presence of intrusions collaboratively. Our experimental results using an IEEE 802.15.4 (Zigbee) network in a real office environment show that our clustering-based learning can effectively detect the presence of intrusions.