
Parallel Abstract


A connection-chain refers to a mechanism in which someone recursively logs into a host, then from there logs into another host, and so on. Connection-chains represent an important vector in many security attacks, so it is essential to be able to detect them. In this paper, we propose a host-based algorithm to detect them. We adopt a black-box approach by passively monitoring inbound and outbound packets at a host, and analyzing the observed packets using association rule mining. We first explain the proposed algorithm in greater detail, then present evaluations that demonstrate its efficiency and detection capabilities. We conduct the evaluation using public network traces, and show that by appropriately setting the underlying parameters we can achieve perfect detection, meaning a true positive rate (TPR) of 100% and a false positive rate (FPR) of 0%.

Cited By


Hsu, H. M. (2012). 網路電話服務之協同鑑識 [doctoral dissertation, National Taiwan University]. Airiti Library. https://doi.org/10.6342/NTU.2012.01623
