Management Analytics for Industrial Cyber-Risk Detection: Fusing Statistical and Topological Features of IIoT DDoS Traffic
Abstract
The accelerating digitalisation of industrial production has placed the Industrial Internet of Things (IIoT) at the centre of operational decision making, yet the same connectivity that enables data-driven management also expands the cyber attack surface (Lu, 2017b; Sisinni et al., 2018). Distributed Denial-of-Service (DDoS) campaigns directed at IIoT endpoints constitute a particularly disruptive class of operational risk because they can interrupt production lines, distort sensor telemetry, and corrupt the analytics pipelines on which managers rely (Lu & Xu, 2019; Kolias et al., 2017). This study reframes IIoT DDoS detection as a management analytics problem (Lu, 2021; Lu et al., 2024c) in which traffic time series are simultaneously summarised by statistical descriptors and by topological descriptors derived from a graph representation of the series. We adopt a Sliding Visibility Graph (SVG) construction that maps each segmented packet-rate window into a complex network in linear time, and we extract structural indicators including average degree, degree variance, modularity, and density together with conventional moments such as standard deviation, skewness, and kurtosis (Newman, 2003; Zou et al., 2019). The resulting fused feature vector is fed into a Support Vector Machine classifier (Cortes & Vapnik, 1995) and benchmarked against single-feature baselines on a recent IIoT dataset. The fused configuration attains an accuracy of 97.16% and an F1-score of 89.54%, materially surpassing threshold-based, entropy-based, and pure-statistics baselines. Beyond classification, the study examines macro-level structural signatures: the degree distribution of attack traffic exhibits a steeper power-law tail than benign traffic, the Hurst exponents of SVG degree sequences differ systematically across attack families, and DDoS traffic forms tighter and more modular communities than benign traffic (Donner et al., 2010). These findings give risk managers an interpretable, structurally grounded vocabulary for describing how attack behaviour differs from routine operations and provide a defensible basis for tiered alerting and resource allocation in industrial control environments (Cherdantseva et al., 2016; Eling & Wirfs, 2019).
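As an added illustration of the feature fusion the abstract describes (not the paper's own code), the block below builds a natural visibility graph (Lacasa et al., 2008) over a single packet-rate window and emits the structural descriptors (average degree, degree variance, density) beside the statistical moments (standard deviation, skewness, kurtosis). The O(n^2) visibility test, the two constructed sample windows, and the omission of sliding windows and modularity are assumptions of this example, not details taken from the paper.

```python
"""Added example: visibility-graph + moment features for one packet-rate window."""
from statistics import mean, pstdev
from typing import Dict, List, Tuple


def visibility_edges(y: List[float]) -> List[Tuple[int, int]]:
    """Natural visibility criterion: samples a and b are linked if every
    intermediate sample lies strictly below the straight line joining them."""
    edges = []
    n = len(y)
    for a in range(n):
        for b in range(a + 1, n):
            line = lambda c: y[b] + (y[a] - y[b]) * (b - c) / (b - a)
            if all(y[c] < line(c) for c in range(a + 1, b)):
                edges.append((a, b))
    return edges


def fused_features(window: List[float]) -> Dict[str, float]:
    """Topological descriptors of the window's visibility graph fused with
    the window's own statistical moments (population estimates)."""
    n = len(window)
    edges = visibility_edges(window)
    deg = [0] * n
    for a, b in edges:
        deg[a] += 1
        deg[b] += 1
    m, sd = mean(window), pstdev(window)
    z = [(v - m) / sd for v in window] if sd > 0 else [0.0] * n
    return {
        "avg_degree": mean(deg),
        "degree_var": pstdev(deg) ** 2,
        "density": 2 * len(edges) / (n * (n - 1)),
        "std": sd,
        "skewness": mean(v ** 3 for v in z),
        "kurtosis": mean(v ** 4 for v in z),
    }


# Constructed sample windows (packets per interval): a steady benign window
# and a window containing a single flood-like spike.
BENIGN_WINDOW = [10.0, 11.0, 10.0, 12.0, 10.0]
SPIKE_WINDOW = [10.0, 10.0, 80.0, 10.0, 10.0]


def compare_windows() -> Tuple[Dict[str, float], Dict[str, float]]:
    """Feature vectors for both constructed windows; the spike turns sample 2
    into a hub that sees every other point, raising density and kurtosis."""
    return fused_features(BENIGN_WINDOW), fused_features(SPIKE_WINDOW)
```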
