My Intrusion Detection ML Model Failed in Real Lab Testing [D]

I’m building a small ML-based cyber attack detection project using a self-created lab environment. Setup includes: GNS3 simulated network Kali attacker node Ubuntu victim server Windows normal client Wireshark/TShark packet capture Python + pandas + scikit-learn I generated my own dataset from captured traffic such as: Attack traffic: FTP brute force SSH brute force Telnet brute force SYN scan / port scan ICMP flood SYN flood Normal traffic: FTP usage SSH login HTTP browsing HTTPS TLS handshake Ping / mixed traffic I trained an initial Random Forest model and accuracy looked very strong.