Explainable AI for Industrial DDoS Detection: Integrating Visibility Graph Topology with Machine Learning Classifiers
Abstract
Industrial Internet of Things (IIoT) systems are increasingly exposed to distributed denial-of-service (DDoS) attacks that disrupt production continuity, exhaust edge resources, and obscure operational accountability. Recent work has shown that sliding visibility graphs can transform packet-count time series into topological networks and reveal structural differences between normal and attack traffic. This article develops a new explainable AI framework for industrial DDoS detection by integrating visibility-graph topology with machine-learning classifiers and post-hoc explanation mechanisms. Rather than treating prediction accuracy as the sole criterion, the study formalizes a pipeline that links time-window construction, sliding visibility graph mapping, statistical feature extraction, topology-aware feature fusion, classifier training, and explanation delivery for security operators. A reconstructed feature-level evaluation, anchored in IIoT DDoS traffic characteristics reported in the source manuscript, compares support vector machines, random forests, gradient-boosted decision trees, and multilayer perceptrons under statistical-only, topology-only, and fused feature settings. The fused configuration achieves the strongest balance of accuracy, recall, and interpretability, while explanation analysis shows that degree variance, average degree, modularity, burst dispersion, and first-difference volatility play different roles across high-rate, low-rate, and fragmentation attacks. The article contributes an XAI-oriented industrial cybersecurity architecture, a feature-explanation taxonomy for SVG-derived traffic analytics, and deployment guidance for edge-compatible, auditable DDoS detection in smart manufacturing environments.
