Deep learning (DL) has recently started to be applied in many applications, e.g., autonomous driving, speech recognition, and natural language processing. Yet, many state-of-the-art DL systems are still vulnerable to adversarial examples, which hinders their adoptions in safety- and security-critical scenarios. While some recent progress has been made in analyzing the robustness of feed-forward neural networks, the robustness analysis for stateful DL systems, such as recurrent neural networks (RNNs), still remains largely uncharted. In this paper, we propose MARBLE, a model-based approach for quantitative robustness analysis of real-world RNN-based DL systems. MARBLE first profiles RNNs using training data to collect information on how models behave under controlled perturbations. We then build a probabilistic model to compactly characterize the behavioral robustness of RNNs, through abstraction. Furthermore, we propose a refinement algorithm to iteratively derive a precise abstraction which enables accurate quantification of the robustness measures. We evaluate the effectiveness of MARBLE on both LSTM and GRU models trained separately with three popular natural language datasets. The results demonstrate that (1) our refinement algorithm is more efficient in deriving an accurate abstraction than the random strategy, and (2) MARBLE enables quantitative robustness analysis, in rendering better efficiency, accuracy, and scalability than state-of-the-art techniques.